L Brands, Inc.
SafetyCall provides adverse event reporting services related to consumer products for the Organization. SafetyCall uses a sub-processor, NetGain, for data hosting services. On November 24, 2020, SafetyCall first became aware of a potential security issue, which culminated in the launch of ransomware on December 3, 2020. On December 14, 2020, SafetyCall informed the Organization that NetGain experienced a potential security incident and started investigating the incident. On January 25, 2021, NetGain informed SafetyCall that the Organization’s customer data might have been taken from its network as part of the attack. On July 8, 2021, the Organization received potentially compromised records from SafetyCall and began a review to determine whether any sensitive data was located within them.