New Congoleum Data Breach Exposes Sensitive Information of Nearly 5,000 Individuals
On March 24, 2026, New Congoleum LLC a subsidiary of Beaulieu International Group (B.I.G.) and a leading U.S. manufacturer of resilient flooring detected unusual activity within its network. The company, which operates under the legacy Congoleum brand (founded in 1886), launched an investigation with independent cybersecurity experts to assess the breach’s scope and secure its systems.
The probe confirmed that sensitive personally identifiable information (PII) was compromised, including names and Social Security numbers. A total of 4,831 individuals across the U.S. were affected, with six in Maine and three in Vermont among those impacted. Written notifications were sent to affected parties on May 8, 2026.
Shamis & Gentile P.A., a class-action law firm specializing in data breach cases, is now investigating the incident to determine potential compensation for those exposed. The breach highlights ongoing risks to corporate data security, particularly for organizations handling large volumes of consumer information.
Source: https://www.claimdepot.com/investigations/congoleum-data-breach-2026
Congoleum cybersecurity rating report: https://www.rankiteo.com/company/congoleum
Beaulieu International Group cybersecurity rating report: https://www.rankiteo.com/company/beaulieu-international-group
"id": "CONBEA1778517405",
"linkid": "congoleum, beaulieu-international-group",
"type": "Breach",
"date": "3/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '4831',
'industry': 'Manufacturing (Resilient Flooring)',
'location': 'U.S.',
'name': 'New Congoleum LLC',
'type': 'Subsidiary'}],
'customer_advisories': 'Written notifications sent to affected parties on May '
'8, 2026',
'data_breach': {'number_of_records_exposed': '4831',
'personally_identifiable_information': 'Names, Social '
'Security numbers',
'sensitivity_of_data': 'High (Social Security numbers, names)',
'type_of_data_compromised': 'Personally Identifiable '
'Information (PII)'},
'date_detected': '2026-03-24',
'date_publicly_disclosed': '2026-05-08',
'description': 'On March 24, 2026, New Congoleum LLC detected unusual '
'activity within its network. The company launched an '
'investigation with independent cybersecurity experts to '
'assess the breach’s scope and secure its systems. The probe '
'confirmed that sensitive personally identifiable information '
'(PII) was compromised, including names and Social Security '
'numbers. A total of 4,831 individuals across the U.S. were '
'affected, with six in Maine and three in Vermont among those '
'impacted. Written notifications were sent to affected parties '
'on May 8, 2026.',
'impact': {'data_compromised': 'Sensitive personally identifiable information '
'(PII), including names and Social Security '
'numbers',
'identity_theft_risk': 'High'},
'investigation_status': 'Ongoing (Class-action investigation)',
'references': [{'source': 'Cyber Incident Description'}],
'regulatory_compliance': {'legal_actions': 'Class-action investigation by '
'Shamis & Gentile P.A.'},
'response': {'communication_strategy': 'Written notifications sent to '
'affected parties',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Independent cybersecurity experts'},
'title': 'New Congoleum Data Breach Exposes Sensitive Information of Nearly '
'5,000 Individuals',
'type': 'Data Breach'}