Green Diamond Resource Company, a forest management business, faced a 2023 data breach exposing the personal information of 28,000 consumers, including names, dates of birth, Social Security numbers, financial account details, medical/health insurance data, government-issued IDs (driver’s licenses, passports), and access credentials. The breach led to a $695,000 settlement after plaintiffs alleged the company failed to implement reasonable security measures under common law, contract law, and the Federal Trade Commission Act. Affected individuals are eligible for up to $5,000 in reimbursement for out-of-pocket expenses, a pro-rata cash payment, and credit monitoring services to mitigate fraud risks. The case underscores escalating legal and regulatory scrutiny over corporate cybersecurity failures, particularly when sensitive consumer data is compromised. The breach’s severity stems from the highly personal and financial nature of the exposed data, increasing risks of identity theft, fraud, and long-term reputational harm to the company.
Source: https://natlawreview.com/article/green-diamond-agrees-695k-settlement-over-data-breach
TPRM report: https://www.rankiteo.com/company/green-diamond-resource-company
"id": "gre1002710092625",
"linkid": "green-diamond-resource-company",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '28,000 consumers',
'industry': 'Forest Management / Natural Resources',
'location': 'Washington, USA (W.D. Wash. jurisdiction)',
'name': 'Green Diamond Resource Company',
'type': 'Private Company'}],
'customer_advisories': 'Settlement class members eligible for: (1) up to '
'$5,000 in documented out-of-pocket expenses; (2) '
'pro-rata cash payment from net settlement fund; (3) '
'credit monitoring services.',
'data_breach': {'data_exfiltration': 'Yes (alleged in lawsuit)',
'number_of_records_exposed': '28,000',
'personally_identifiable_information': 'Yes (names, DOBs, '
'SSNs, driver’s '
'licenses, passports, '
'etc.)',
'sensitivity_of_data': 'High (includes SSNs, financial '
'accounts, medical data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data',
'Health Information',
'Government-Issued IDs',
'Access Credentials']},
'description': 'Green Diamond Resource Company, a forest management business, '
'is seeking court approval to pay $695,000 to settle claims '
'that it failed to adequately safeguard the personal '
'information of about 28,000 consumers in a 2023 data breach. '
'The breach exposed a wide range of personal information, '
'including names, dates of birth, Social Security numbers, '
'financial account details, medical and health insurance '
'information, government-issued identification numbers, and '
'access credentials. Plaintiffs alleged that Green Diamond did '
'not meet its obligations under common law, contract law, '
'industry standards, and the Federal Trade Commission Act to '
'maintain reasonable security practices.',
'impact': {'brand_reputation_impact': 'Negative (legal scrutiny and '
'settlement)',
'customer_complaints': 'Class-action lawsuit filed (Gregorio v. '
'Green Diamond Resource Co., No. '
'2:24-cv-00596)',
'data_compromised': ['Names and dates of birth',
'Social Security numbers',
'Financial account details',
'Medical and health insurance information',
'Government-issued identification numbers '
'(driver’s licenses, state IDs, passports)',
'Access credentials'],
'financial_loss': '$695,000 (settlement amount)',
'identity_theft_risk': 'High (due to exposure of PII and financial '
'data)',
'legal_liabilities': '$695,000 settlement, potential attorney fees '
'($208,500), litigation costs (up to '
'$50,000), and service awards ($5,000 per '
'class representative)',
'payment_information_risk': 'High (financial account details '
'compromised)'},
'investigation_status': 'Settlement pending court approval (as of 2025)',
'lessons_learned': 'Companies face increasing accountability for failing to '
"implement 'reasonable and adequate' cybersecurity "
'measures, particularly when handling sensitive consumer '
'data. Proactive safeguards and compliance with '
'regulations (e.g., FTC Act) are critical to mitigating '
'legal and financial risks.',
'post_incident_analysis': {'corrective_actions': 'Settlement payments and '
'credit monitoring for '
'affected individuals; '
'potential internal '
'cybersecurity improvements '
'(not specified).',
'root_causes': 'Alleged failure to maintain '
'reasonable security practices '
'under common law, contract law, '
'industry standards, and FTC Act.'},
'recommendations': ['Implement robust data encryption for sensitive PII and '
'financial data.',
'Conduct regular security audits and vulnerability '
'assessments.',
'Enhance employee training on data protection and breach '
'response protocols.',
'Adopt multi-factor authentication (MFA) for access '
'credentials.',
'Establish a clear incident response plan to minimize '
'breach impact.'],
'references': [{'source': 'Court Filing: Gregorio v. Green Diamond Resource '
'Co., No. 2:24-cv-00596 (W.D. Wash. 9/22/25)'}],
'regulatory_compliance': {'legal_actions': 'Class-action lawsuit (Gregorio v. '
'Green Diamond Resource Co., No. '
'2:24-cv-00596)',
'regulations_violated': ['Common Law',
'Contract Law',
'Industry Standards',
'Federal Trade Commission '
'Act (FTC Act)']},
'response': {'communication_strategy': 'Court-approved settlement '
'notification',
'recovery_measures': 'Settlement offer including credit '
'monitoring services for affected '
'individuals'},
'title': 'Green Diamond Resource Company Data Breach (2023)',
'type': 'Data Breach'}