Acuity Brands Addresses Data Security Incident

News provided by

Acuity Brands, Inc.

Dec 06, 2022, 19:15 ET

ATLANTA, Dec. 6, 2022 /PRNewswire/ -- Today, Acuity Brands, Inc. is providing notice to individuals after it detected a data security incident.

Acuity Brands identified a data security incident, immediately took steps to secure its systems, and a third-party cybersecurity firm was engaged to conduct a thorough investigation. This notice explains the incident and the measures Acuity has taken in response.

The investigation determined that an unauthorized person obtained access to some of Acuity's systems on December 7 and December 8, 2021, and copied a subset of files out of its network during that time. During the investigation, Acuity also discovered evidence of an unrelated incident of unauthorized access that occurred on October 6 and October 7, 2020, which included an attempt to copy certain files out of its network. Acuity conducted a review of the files from both incidents. The review identified that they contained personal information for current and former employees and members of Acuity's health plan. Our investigation concluded that only employee data was involved and sensitive customer data was not impacted.

The files involved in the December 2021 incident may have included the name, Social Security number, and enrollment and claims information related to current and former employees' participation in Acuity's health plan. In addition, the information in the files may have included the name, driver's license number, financial account information, and limited health information related to other aspects of an individual's employment with Acuity, such as injury information related to workers compensation claims or related to requests for leave under the Family and Medical Leave Act. The types of information in the files were not the same for all individuals. 

The information involved in the October 2020 incident may have included the name, Social Security number, driver's license number, financial account information, limited health information related to other aspects of an individual's employment with Acuity, such as injury information related to workers compensation claims or related to requests for leave under the Family and Medical Leave Act. The types of information in the files were not the same for all individuals, but the investigation confirmed that there was no information related to Acuity's health plan involved in the 2020 incident.

Acuity is mailing letters to involved individuals for whom Acuity has an address and offering eligible individuals credit monitoring services. Information about the incidents can be found on Acuity's website at www.acuitybrands.com. If you believe you may be affected but did not receive a letter, please contact Acuity's toll-free dedicated external call center at (855) 504-3853, Monday through Friday from 9:00 a.m. until 6:30 p.m. EST, excluding some major U.S. holidays. Acuity has enhanced its existing security protocols and technical safeguards to further secure its environment and to help prevent a similar incident in the future.

SOURCE Acuity Brands, Inc.

WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?

icon3
440k+
Newsrooms &
Influencers
icon1
9k+
Digital Media
Outlets
icon2
270k+
Journalists
Opted In
GET STARTED