Strauss Borrelli PLLC, a leading data breach law firm, is investigating CR&R Incorporated regarding its recent data breach. The CR&R data breach may have involved sensitive personal information belonging to over 9,800 individuals.
ABOUT CR&R INCORPORATED:
CR&R is a waste collection and recycling company based in California. Founded in 1963, CR&R provides a variety of services, including residential and business waste collection and recycling, street sweeping, transportation services, organics processing, landfill disposal, storage container rental, and portable toilet rental.2 Today, CR&R serves more than 3 million people and over 25,000 businesses throughout Orange, Los Angeles, San Bernardino, Imperial and Riverside counties.3 Additionally, CR&R has operations in southern Arizona. Headquartered in Stanton, California, CR&R employs over 1,000 individuals.
WHAT HAPPENED?
Recently, CR&R reported to the Attorney General of Maine that it had experienced a data breach in which sensitive personal identifiable information in its systems may have been accessed. According to the breach notice, CR&R recently learned that it had experienced a cybersecurity incident. As a result, CR&R launched an investigation to determine the nature of the incident.
Through its investigation, CR&R confirmed that sensitive personal information in its systems may have been compromised by an unauthorized third party during the incident on October 19, 2022. As a result, CR&R began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by CR&R. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or state identification card number
- Account number, credit card number or debit card number, if circumstances exist wherein such a number could be used without additional identifying information, access codes or passwords
- Account passwords or personal identification numbers or other access codes
On December 26, 2024, CR&R began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, CR&R is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complimentary credit monitoring services. A link to the form breach notification letters that CR&R filed with the Attorney General of Maine is below.
If you received a breach notification letter from CR&R Incorporated:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
