There’s a new reminder for promotional products companies to take the threat of cybercrime seriously; attacks can happen to anyone.
HALO (PPAI 106462, Platinum) – ranked the No. 2 distributor in the inaugural PPAI 100 – suffered a data breach in November 2023 that affected 7,305 people, according to a report filed this week with the Office of the Maine Attorney General.
- The Sterling, Illinois-based company reported that it was hacked on November 22, 2023, resulting in unauthorized access to some of its computer systems.
“We immediately took steps to contain the incident and engaged federal law enforcement and leading cybersecurity experts to investigate the matter,” HALO told PPAI Media. “It wasn’t until February 2024 that our investigation discovered that the data we reported to the state of Maine was impacted.”
What Happened?
In a notice to impacted people sent on March 28, HALO CEO Marc Simon said that some computer systems were accessed by a “sophisticated threat actor” who evaded detection by HALO’s information security defenses.
The threat actor stole private information, such as names, birthdays and Social Security numbers of some of its current and former employees, as well as independent contractors, HALO said.
- That information was provided to HALO’s human resources department for tax or benefits purposes, according to the notice.
“Upon discovering the situation, we promptly took these systems offline, notified law enforcement and engaged cybersecurity experts to investigate,” Simon said, adding that HALO has recovered the files.
“To our knowledge, we’re not aware of any actual or attempted misuse of personal information as a result of this incident,” Simon said.
Next Steps
“Since early December, HALO has been operating normally and is confident the incident has been contained,” the firm told PPAI Media.
Ongoing efforts since the data breach include HALO working with external cybersecurity experts to investigate what happened, strengthening its computer network and monitoring the “dark web” for information relating to the company, Simon said.
HALO is offering affected people the option to enroll in an identity protection solution from Cyberscout free of charge for 12 months.
- In the notice, HALO also included an Identity Protection Reference Guide that includes information on general steps you can take to monitor and protect your personal information.
“Please know that we’ve taken a number of steps to address this situation, and that we’re committed to doing the right thing for everyone involved,” Simon said.
- HALO earned PPAI 100 High Marks in the Innovation category in 2023.
Increased Scrutiny
As the threat from cyberattacks evolves, the importance of customer data security is vital for all B2B businesses, including those in promotional products. Large end-buyer prospects in particular are sensitive to the need for data security, distributors say.
RELATED: Cybersecurity: Big Business’s No. 1 Vendor Priority
As with other digital transformation initiatives, it’s recommended that security receive close executive supervision. On average, promo’s largest companies are more focused on cybersecurity.
- At distributors with revenue north of $250 million, PPAI research from 2023 showed that 56% of companies had senior executives review security vulnerability reports at least weekly (The State Of Innovation 2023: Distributor Benchmarking).
- Among $250 million and larger suppliers, 40% have senior executives reviewing security vulnerability at least weekly (The State Of Innovation 2023: Supplier Benchmarking).
