Stanley Steemer, one of the go-tos in the US for domestic cleaning services, has suffered a data breach that may have affected tens of thousands of people.
The international company made the disclosure from its headquarters in Ohio, notifying the Attorney General’s Office in the state of Maine, which imposes strict reporting requirements for data breaches that affect its residents.
Stanley Steemer told Maine that though just 17 of its residents were potentially impacted, up to 67,921 people in total may have had their names, driver’s license number, and other ID exposed to an unknown threat actor detected in its systems in March.
Around this time, cyber watchdog Falcon Feedsio shared a claim on Twitter, nowadays known as X, that ransomware group Play was behind the attack on the carpet cleaning giant.
For its part, Stanley Steemer believes the interloper was sniffing around its data between February 10th and March 6th, but did not arrive at any firm conclusions until it concluded an internal investigation on September 7th.
“It was determined that there was unauthorized access to Stanley Steemer’s network,” the company said in a letter of disclosure sent to affected Maine residents on November 15th. “The unauthorized actor had the ability to access and acquire certain files while on the network.”
It added: “The information that could have been subject to unauthorized access includes name, Social Security number, driver’s license number, and financial account information.”
Stanley says it has notified both the federal authorities and state regulators and offered victims two years’ worth of free credit monitoring by way of compensation.
“Additionally, Stanley Steemer is providing impacted individuals with guidance on how to better protect against identity theft and fraud [...] providing individuals with information on how to place a fraud alert and security freeze on one’s credit file,” it added.
Founded in 1947, Stanley Steemer has 275 branches in 49 states across the US and employs more than 2,000 people. In 2006 alone, it claimed to have provided services to two million homes.
More from Cybernews:
Subscribe to our newsletter