The following press release relates to an incident that Conti claimed in February, 2021. Conti dumped data from the entity on March 1, 2021 consisting of of more than 136 GB of data in 97,000 files.
ANAHEIM, Calif., Aug. 18, 2021 /PRNewswire/ — Willdan Group, Inc. (“Willdan”) is providing notice of a recent incident that may affect the security of information pertaining to certain individuals. The confidentiality, privacy, and security of information in Willdan’s care is one of its highest priorities and Willdan takes this incident very seriously. Although Willdan has not received any reports of actual or attempted misuse of the impacted information, Willdan is providing this notice in an abundance of caution.
What Happened? On December 15, 2020, Willdan learned that its direct installation subsidiary, Lime Energy, was the target of a cybercriminal attack and that portions of its computer network were infected with malware. We immediately took systems offline and, with the assistance of third-party forensic specialists, launched an investigation to determine the nature and scope of the incident. On or about March 1, 2021, the investigation confirmed that certain files on Lime Energy’s systems may have been accessed without authorization and subsequently published online by the cybercriminal. We therefore undertook a lengthy and time-intensive, thorough review of the potentially impacted files and our internal systems in order to identify the information that was involved and to whom it related. In connection with this review, on or about March 1, 2021, a third-party firm was engaged to programmatically and manually review the large volume of files at issue to identify impacted individuals and the types of data associated with those individuals. Concurrently, Willdan internally reviewed their databases and, on or about June 18, 2021, first determined that one or more of the potentially impacted folders included information related to individuals.
In conjunction and collaboration with the third-party review team, Willdan continued to diligently review the information and reconcile the information with internal and public records in furtherance of identifying the individuals to whom the data relates and the appropriate contact information for these individuals. These efforts were completed on or around July 23, 2021, at which time Willdan determined the scope of impacted individuals and the types of protected data associated with those individuals as a result of the extensive internal review.
We thereafter worked to provide notification to potentially impacted individuals as quickly as possible. Importantly, there is no indication that anyone’s specific information was misused. However, we are notifying potentially impacted individuals out of an abundance of caution.
What Information Was Involved? Our investigation determined that the information that may have been potentially affected includes name, Social Security number, driver’s license number, medical diagnosis and/or treatment information, financial account number, routing number, payment card number and payment card CVV number, and biometric data. The information impacted was not the same for every individual.
What Are We Doing? Information security is among Willdan’s highest priorities, and we have strict security measures in place to protect information in our care. Upon discovering this incident, we immediately took steps to review and reinforce the security of our systems. We are reviewing existing security policies and have implemented additional cybersecurity measures to further protect against similar incidents moving forward. We reported this incident to law enforcement and are cooperating with their investigation. We are notifying potentially impacted individuals so that they may take steps to protect their information.
For More Information. You may have questions about this incident that are not addressed in this letter. If you have additional questions and are impacted by this incident, please write to Willdan at 2401 E. Katella Avenue, Suite 300, or call Willdan at our dedicated assistance line at 1-833-704-9394, Monday through Friday, 6:00 a.m. to 8:00 p.m. PST, excluding national holidays, and Saturday and Sunday from 8:00 a.m. to 5:00 p.m. PST.