Some wines benefit from aging. Breach notification letters do not.
On or about December 28, 2023, Alpha Omega Winery in California experienced what they report as a ransomware incident.
According to their notification, the types of personal information may have included, and potentially were not limited to: name, date of birth, Social Security number, driver’s license/state ID number, passport number, other government identification number, health insurance policy number, and medical information.
The winery appeared to be first notifying those affected on or about November 6, 2025 — or that is when they submitted a copy of the notification letter to the California Attorney General’s Office. If they mailed the letter more promptly, there is no indication of that in their submission. There is no indication that the notification was delayed due to any law enforcement involvement.
The letter contains an offer of two years of complimentary credit report monitoring and restoration services provided by Cyberscout. The letter was not signed by any executive or principal of the firm.
DataBreaches emailed the winery on November 7 to ask whether any files or servers were actually encrypted or if this was a case of data exfiltration with a ransom demand. DataBreaches also asked why it took the winery almost two years to notify those affected.
The inquiry was read by two individuals on November 7, including their Chief Operations Officer, but no one replied to the inquiry, and they still haven’t.
This incident was never claimed by any of the ransomware gangs indexed by a popular indexing site, so what happened and how the winery responded is still unknown. Nor do we know how many customers and/or employees may have been affected.
Update of November 27, 2025: They still have not replied. The winery has a privacy policy page on its website. Given the sensitivity of the data that was involved, it is a shame that they are not more transparent or timely in disclosing this breach.
Not read: Media Inquiry About Data Breach
From Robin Baggett on 2025-11-27 16:43
Your message
To: Robin Baggett
Subject: Media Inquiry About Data Breach
Sent: Friday, November 7, 2025 11:05:12 AM (UTC-08:00) Pacific Time (US & Canada)was deleted without being read on Thursday, November 27, 2025 1:43:25 PM (UTC-08:00) Pacific Time (US & Canada).
Final-recipient: RFC822; [email protected]