Crimson Wine Data Breach Affects 26,238 Individuals

Crimson Wine Group recently experienced a significant data breach that exposed sensitive consumer information of 26,238 individuals across the United States.

The breach was discovered on July 15, 2024, after the company detected unauthorized access to its systems. According to the investigation, the breach occurred between June 26, 2024, and June 30, 2024, during which an unauthorized third party gained access to certain systems within Crimson Wine Group's network.

Included in the 26,238 affected individuals across the US are 1,213 individuals in Texas, 21 in Maine, and 212 in Massachusetts.

The exposed information includes highly sensitive personal and financial data, such as:

• Names
• Addresses
• Social Security numbers
• Driver’s license numbers
• Government-issued ID numbers (e.g., passports, state ID cards)
• Financial account information
• Payment card information (credit or debit card numbers)
• Medical records
• Dates of birth

The breach was disclosed to the Maine Attorney General on December 14, 2024, the Massachusetts Attorney General on December 14, 2024, and the Texas Attorney General on December 17, 2024. The company began notifying affected consumers via U.S. mail on August 19, 2024, and additional notifications were sent after further data review was completed on November 8, 2024.

The breach is severe, as it involved highly sensitive information that could be exploited for identity theft, financial fraud, and other malicious activities. The exact method used by the attackers to gain access has not been disclosed.

Crimson Wine Group's response

Upon discovering the breach, Crimson Wine Group took action to investigate and contain the incident. The company launched a thorough investigation to determine the scope of the breach and identify individuals whose personal information was compromised. Federal law enforcement authorities were also notified.

In response to the breach, Crimson Wine Group implemented additional security measures to safeguard its systems and prevent future incidents. The company is providing affected individuals with one year of complimentary credit monitoring and identity restoration services through IDX. These services include tools to help monitor credit activity and detect potential misuse of personal information.

Additionally, Crimson Wine Group has shared guidance with affected individuals on how to protect themselves from identity theft and fraud. This includes steps to place fraud alerts or credit freezes on their credit files, monitor account statements, and report suspicious activity.

Steps affected individuals should take

If you believe you may have been affected by this data breach, it is important to take the following steps to protect yourself:

1. Enroll in the free credit monitoring services provided by Crimson Wine Group. Instructions and an enrollment code were included in the notification letter sent to affected individuals. The deadline to enroll is March 13, 2025.
2. Monitor your financial accounts and credit reports for any unauthorized activity. You are entitled to one free credit report annually from each of the three major credit reporting bureaus (Equifax, Experian, and TransUnion) at AnnualCreditReport.com.
3. Place a fraud alert or credit freeze on your credit file to prevent unauthorized access to your credit. A fraud alert lasts one year and requires businesses to verify your identity before issuing credit. A credit freeze restricts access to your credit report entirely.
4. Report any suspicious activity to your financial institutions, credit card companies, and local law enforcement. You can also file a complaint with the Federal Trade Commission (FTC).
5. Stay vigilant for phishing attempts or scams. Attackers may use your exposed information to send fraudulent emails or phone calls. Do not share sensitive information unless you are certain of the recipient's identity.

For additional assistance, Crimson Wine Group has set up a dedicated assistance line at 1-866-711-4721, available Monday through Friday from 6 a.m. to 6 p.m. Pacific Time.