Last Update: September 7, 2023

Incident Notification: Data Security Breach

Emmi Roth USA, Inc. (“Emmi Roth” or “we”) understands the importance of protecting personal data and retaining the trust of our customers and employees. Unfortunately, Emmi Roth was the victim of a cyberattack, and certain sensitive personal data within our custody and control was compromised.

What Happened?
On August 10, 2023, we discovered that a third party gained unauthorized access to our information technology environment. We immediately deployed security measures to contain and mitigate this threat, and we retained an external incident response team to accelerate our recovery efforts. Because of the substantial security controls implemented prior to this cybersecurity incident, we were able to contain the threat within a few hours and quickly return to a normal state of business operations. We have proactively notified the Federal Bureau of Investigation (FBI) of this incident and are assisting with its investigation.

What Personal Data Was Impacted?
As part of the internal investigation into this cyberattack, Emmi Roth identified that an unauthorized third party gained access to certain Emmi Roth files and records that contained sensitive personal data related to (i) current and former Emmi Roth employees and (ii) current and former employees of certain Emmi Roth affiliates and subsidiaries. Emmi Roth is currently in the process of sending current employees with a detailed letter about this incident. If you previously worked for Emmi Roth or worked at any of the following Emmi Roth affiliates or subsidiaries during these timeframes, your sensitive personal data may have been impacted by this cybersecurity incident:

Emmi Roth Affiliate/Subsidiary Impacted Employment Timeframe
Roth Käse USA LTD Jan. 1, 2004 – Dec. 31, 2010
Emmi USA Inc (formerly Emmi Gerber Cheese Co.) Jan. 1, 2004 – Dec. 31, 2011
Emmi Penn Yan LLC Jan. 1, 2012 – Dec. 31, 2014
Cypress Grove Chevre, Inc. Jan. 1, 2015 – Dec. 31, 2021
Redwood Hill Farm & Creamery, Inc. Jan. 1, 2015 – Dec. 31, 2021
Tomales Bay Foods, Inc. (d/b/a Cowgirl Creamery) Jan. 1, 2016 – Dec. 31, 2021
Jackson Mitchell, Inc., Meyenberg goat milk producers Jan. 1, 2018 – Dec. 31, 2021

Resources for Employees: What You Can Do

Based on the measures that we have implemented and the actions we have taken, there is no indication that any sensitive personal data involved in this cybersecurity incident has been misused or will be misused in the future. Yet, out of an abundance of caution, Emmi Roth is providing complimentary credit monitoring and identity theft protection services through Equifax to those individuals who may have been impacted by this cybersecurity incident.

If you are a current employee of Emmi Roth or of the affiliates and subsidiaries referenced above and you were impacted by this incident, you will receive a separate notice in the mail from Emmi Roth that provides instructions on how you can enroll in these services.

If you are a former employee of either (i) Emmi Roth or (ii) of the abovementioned Emmi Roth affiliates or subsidiaries in the timeframes listed above, please contact our call center (see below) to determine whether you are eligible to enroll in these services.

We are working hard to ensure that everyone has answers to questions and concerns you may have with respect to this incident.

We have established a dedicated call center to answer questions you may have about this incident, which you can reach at 844-709-1704, Monday–Friday, 9:00 a.m. to 9:00 .pm. (EST).

We have also posted an FAQ sheet above that outlines questions and answers related to this incident.

Other identity protection resources are available at the link below.

Identity Protection Resources

Suppliers and Customers

Emmi Roth does not retain sensitive personal data on our customers, clients, or suppliers, and therefore no such personal data was impacted in this incident.