There's a new reminder for promotional products companies to take the threat of cybercrime seriously; attacks can happen to anyone.

HALO (PPAI 106462, Platinum) – ranked the No. 2 distributor in the inaugural PPAI 100 – suffered a data breach in November 2023 that affected 7,305 people, according to a report filed this week with the Office of the Maine Attorney General.

  • The Sterling, Illinois-based company reported that it was hacked on November 22, 2023, resulting in unauthorized access to some of its computer systems.  


“We immediately took steps to contain the incident and engaged federal law enforcement and leading cybersecurity experts to investigate the matter,” HALO told PPAI Media. "It wasn't until February 2024 that our investigation discovered that the data we reported to the state of Maine was impacted."

What Happened?

In a notice to impacted people sent on March 28, HALO CEO Marc Simon said that some computer systems were accessed by a “sophisticated threat actor” who evaded detection by HALO’s information security defenses.

The threat actor stole private information, such as names, birthdays and Social Security numbers of some of its current and former employees, as well as independent contractors, HALO said.  

  • That information was provided to HALO’s human resources department for tax or benefits purposes, according to the notice.

 

“Upon discovering the situation, we promptly took these systems offline, notified law enforcement and engaged cybersecurity experts to investigate," Simon said, adding that HALO has recovered the files.

“To our knowledge, we’re not aware of any actual or attempted misuse of personal information as a result of this incident,” Simon said.

Next Steps

“Since early December, HALO has been operating normally and is confident the incident has been contained,” the firm told PPAI Media.

Ongoing efforts since the data breach include HALO working with external cybersecurity experts to investigate what happened, strengthening its computer network and monitoring the “dark web” for information relating to the company, Simon said.

HALO is offering affected people the option to enroll in an identity protection solution from Cyberscout free of charge for 12 months.

  • In the notice, HALO also included an Identity Protection Reference Guide that includes information on general steps you can take to monitor and protect your personal information.


“Please know that we’ve taken a number of steps to address this situation, and that we’re committed to doing the right thing for everyone involved,” Simon said.


Increased Scrutiny

As the threat from cyberattacks evolves, the importance of customer data security is vital for all B2B businesses, including those in promotional products. Large end-buyer prospects in particular are sensitive to the need for data security, distributors say.

       RELATED: Cybersecurity: Big Business's No. 1 Vendor Priority

As with other digital transformation initiatives, it's recommended that security receive close executive supervision. On average, promo's largest companies are more focused on cybersecurity.