There's a new reminder for promotional products companies to take the threat of cybercrime seriously; attacks can happen to anyone.

HALO (PPAI 106462, Platinum) – ranked the No. 2 distributor in the inaugural PPAI 100 – suffered a data breach in November 2023 that affected 7,305 people, according to a report filed this week with the Office of the Maine Attorney General.

• The Sterling, Illinois-based company reported that it was hacked on November 22, 2023, resulting in unauthorized access to some of its computer systems.  

“We immediately took steps to contain the incident and engaged federal law enforcement and leading cybersecurity experts to investigate the matter,” HALO told PPAI Media. "It wasn't until February 2024 that our investigation discovered that the data we reported to the state of Maine was impacted."

What Happened?

In a notice to impacted clients sent on March 28, HALO CEO Marc Simon said that some computer systems were accessed by a “sophisticated threat actor” who evaded detection by HALO’s information security defenses.

The threat actor stole private information, such as names, birthdays and Social Security numbers of some of its current and former employees, as well as independent contractors, HALO said.  

• That information was provided to HALO’s human resources department for tax or benefits purposes, according to the notice.

 

“Upon discovering the situation, we promptly took these systems offline, notified law enforcement and engaged cybersecurity experts to investigate," Simon said, adding that HALO has recovered the files.

“To our knowledge, we’re not aware of any actual or attempted misuse of personal information as a result of this incident,” Simon said.

Next Steps

“Since early December, HALO has been operating normally and is confident the incident has been contained,” the firm told PPAI Media.

Ongoing efforts since the data breach include HALO working with external cybersecurity experts to investigate what happened, strengthening its computer network and monitoring the “dark web” for information relating to the company, Simon said.

HALO is offering affected clients the option to enroll in an identity protection solution from Cyberscout free of charge for 12 months.

• In the notice, HALO also included an Identity Protection Reference Guide that includes information on general steps you can take to monitor and protect your personal information.

“Please know that we’ve taken a number of steps to address this situation, and that we’re committed to doing the right thing for everyone involved,” Simon said.

• HALO earned PPAI 100 High Marks in the Innovation category in 2023.

Written by: John Corrigan

Published with Permission from PPAI