Acuity Issues Notice of Data Security Incidents in 2020 and 2021
December 19, 2022
Acuity Brands identified a data security incident, immediately took steps to secure its systems, and a third-party cybersecurity firm was engaged to conduct a thorough investigation. This notice explains the incident and the measures Acuity has taken in response.
The investigation determined that an unauthorized person obtained access to some of Acuity’s systems on December 7 and December 8, 2021, and copied a subset of files out of its network during that time. During the investigation, Acuity also discovered evidence of an unrelated incident of unauthorized access that occurred on October 6 and October 7, 2020, which included an attempt to copy certain files out of its network. Acuity conducted a review of the files from both incidents. The review identified that they contained personal information for current and former employees and members of Acuity’s health plan.
“Our investigation concluded that only employee data was involved, sensitive customer data was not impacted, and that the incident did not have a material impact on Acuity’s business,” said the company in their notice.
The files involved in the December 2021 incident may have included the name, Social Security number, and enrollment and claims information related to current and former employees’ participation in Acuity’s health plan. In addition, the information in the files may have included the name, driver’s license number, financial account information, and limited health information related to other aspects of an individual’s employment with Acuity, such as injury information related to workers compensation claims or related to requests for leave under the Family and Medical Leave Act. The types of information in the files were not the same for all individuals.
Go HERE for the full release
