Stanley Steemer says nearly 68,000 people affected by data breach in March

Carpet cleaning giant Stanley Steemer said nearly 68,000 people were affected by a cyberattack the company experienced in March.

In documents filed with regulators in Maine, the Ohio-based cleaning business said hackers broke into its systems on February 10 and were discovered on March 6.

“Stanley Steemer undertook a comprehensive review of the contents of the files determined to be at risk to assess if any sensitive information could be affected and to whom it related. Since providing an initial wave of notice on November 15, 2023, Stanley Steemer continued to review its internal records to locate mailing addresses for potentially impacted individuals,” completing the process on November 20, the company said.

“The information that could have been subject to unauthorized access includes name and Social Security number,” Stanley Steemer said.

The company said 67,921 are affected by the incident. The notice does not say if it was a ransomware attack, and the company did not respond to requests for comment.

The Play ransomware gang claimed it attacked the company on March 17, allegedly stealing accounting data, budgets, tax documents, photos of passports and more. Stanley Steemer says it notified federal law enforcement after the attack.

The company reported $577 million in sales in 2021 and has franchises in 49 states. It is providing victims of the attack with two years of free credit monitoring services.

The Play ransomware operation continues to be one of the most damaging gangs currently operating. After emerging in July 2022 targeting government entities in Latin America, the group has garnered headlines in 2023 for attacks on the city of Oakland, the city of Lowell and Dallas County.