Strauss Borrelli PLLC, a leading data breach law firm, is investigating Schmitty & Sons, regarding its recent data breach. The Schmitty & Sons data breach may have involved sensitive personal identifiable information belonging to over 3,900 individuals.
ABOUT SCHMITTY & SONS:
Schmitty & Sons is an employee-owned bus transportation company based in Minnesota. Founded in 1952, Schmitty & Sons currently operates transit buses, BRT Red Line, flex-route buses, school buses, special transportation (STS), mini/mid-size coaches, motorcoaches and a full-service maintenance facility.2 Today, Schmitty & Sons has a fleet of over 300 buses and has moved more than 75,000 passengers over the course of its history.3 Headquartered in Lakeville, Minnesota, Schmitty & Sons employs over 500 individuals.
WHAT HAPPENED?
Recently, Schmitty & Sons reported to the Attorney General of Maine that it had experienced a data breach in which sensitive personal identifiable information in its systems may have been accessed and acquired. According to the breach notice, on May 11, 2024, Schmitty & Sons experienced a network disruption. As a result, Schmitty & Sons launched an investigation to determine the nature of the incident.
Through its investigation, Schmitty & Sons discovered that sensitive personal information in its systems may have been viewed and obtained by an unauthorized third party. As a result, Schmitty & Sons began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. The exact type of personal information potentially exposed has not been made publicly available by Schmitty & Sons. However, according to state reporting guidelines, “personal information” can include the following types of information:
- Name
- Social Security number
- Driver’s license or state identification card number
- Account number, credit card number or debit card number, if circumstances exist wherein such a number could be used without additional identifying information, access codes or passwords
- Account passwords or personal indemnification numbers or other access codes
On October 29, 2024, Schmitty & Sons began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, Schmitty & Sons is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months of complimentary credit monitoring services. A link to the form breach notification letters that Schmitty & Sons filed with the Attorney General of Maine is below.
If you received a breach notification letter from Schmitty & Sons:
We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at 872.263.1100 or sam@straussborrelli.com.
