MARLTON, N.J. - Jan. 31, 2022 - PRLog -- Console & Associates, P.C. recently announced the firm has opened an investigation into the recent R.R. Donnelley data breach in hopes of determining what, if any, legal remedies those affected by the breach may have against the corporation. If evidence emerges that R.R. Donnelley was negligent in how it maintained consumer data leading up to the data breach or otherwise failed to protect the privacy of consumers, the company may be financially liable through a data breach class action lawsuit.

Data breaches have been in the news a lot over the past few months. However, few consumers understand the very real risks these events present. A data breach occurs when an unauthorized party gains access to a company's computer networks that contain sensitive information about consumers. While there are many ways in which hackers or other criminal actors can orchestrate a data breach, they are often the result of a person hacking into a company's network, either removing data or installing ransomware on the network. Ransomware is a type of malicious software, or malware, that blocks access to a device unless they pay a ransom to the party who installed the program. Often, ransomware is delivered through the use of a "trojan," which is a seemingly harmless file that installs the software when the user opens the file.

Not every data breach results in an unauthorized party accessing or using consumer data. However, one of the most common reasons why criminal actors conduct cyberattacks is to obtain information that they can later use to commit identity theft.

News of the RR Donnelley data breach is very fresh, and the investigation into this cybersecurity event is still in its early stages. However, the mere fact that the breach occurred raises serious concerns about R.R. Donnelley's efforts to keep consumer data safe from cyber threats. If it turns out that R.R. Donnelley mishandled consumer data leading up to the breach or failed to ensure adequate security measures to protect consumer data, those affected may be eligible for financial compensation.

Attorney Richard Console explains, "It's easy to place all the blame for a data breach on the person who hacks into an organization's system; however, this ignores the legal and moral obligation that these companies owe to customers. When someone gives a company their business, they trust that the information in the organization's possession will remain private—and out of the hands of criminals. While protecting consumer data requires a business to undergo some effort and expense, in our current environment of widespread hacking, this is a cost of doing business that all organizations must take seriously."

According to an official document filed with the Security and Exchange Commission, on December 27, 2021, R.R. Donnelly "identified a systems intrusion in its technical environment." While R.R. Donnelley did not provide additional information about the cyberattack, it appears as though an unauthorized party installed ransomware on the company's network, leading to the breach.

A news outlet reported that the Conti ransomware gang claimed responsibility for the cyberattack and began leaking 2.5GB of data allegedly stolen from RRD. Subsequently, R.R. Donnelly confirmed that consumer data was stolen during the attack. While the extent of the breach has not yet been disclosed, those who provided their personal information to R.R. Donnelly should expect the company to follow up with a data breach notice if their data was affected by the breach.

In the event R.R. Donnelly sends out data breach notifications to consumers affected by the breach, those in receipt of such a notice should take the following steps to protect themselves:

1. Carefully review the letter sent by R.R. Donnelley;
2. Retain a copy of the data breach notification letter;
3. Change all passwords and security questions to online accounts;
4. Frequently review all credit card and bank account statements for any signs of fraud or unauthorized activity;
5. Monitor credit reports for any unexpected changes or signs of identity theft;
6. Contact a credit bureau to request a temporary fraud alert; and
7. Notify all banks and credit card companies of the data breach.