Cornwell Quality Tools Data Breach Exposes 100,000 User Records

Cornwell Quality Tools, a prominent supplier of automotive and industrial equipment, confirmed that an unauthorized intrusion on December 12, 2024, exposed the sensitive information of 103,782 customers across its network.

The cyberattack, attributed to exploitation of an Auth0 PHP vulnerability, compromised names, Social Security numbers, medical records, and financial account details, placing affected individuals at elevated risk of identity theft and

fraud.

Breach Details and Timeline

Attackers exploited a vulnerability in Cornwell’s authentication framework to penetrate its corporate systems.

The unauthorized access persisted undetected for an extended period, during which both personally identifiable information (PII) and protected health information (PHI) were exfiltrated.

Affected records included full legal names, Social Security numbers, dates of birth, diagnostic codes tied to medical treatments, insurance policy identifiers, and bank account credentials.

Cornwell first became aware of unusual network activity in late August 2025 and immediately enlisted third-party forensic experts to trace the extent of the compromise and secure its infrastructure.

The company’s internal investigation confirmed that no further data had been exposed since containment measures were implemented.

Notification and Legal Response

Cornwell dispatched breach notification letters to all impacted customers on September 4, 2025, in compliance with federal and state breach disclosure requirements.

The letters detailed the categories of information accessed, recommended free credit monitoring services, and advised recipients on steps such as placing fraud alerts with credit bureaus and regularly reviewing financial statements.

Nearly nine months elapsed between the breach and notifications due to the complexity of correlating data sources and verifying the scope of compromised records.

In parallel, Goldenberg Schneider, LPA, announced an investigation into the incident, offering legal counsel to those affected and evaluating potential claims under consumer protection statutes.

The law firm’s outreach underscores the gravity of disclosing PHI and financial data without proper safeguards, and signals possible class-action litigation if restitution and identity protection services are deemed inadequate.

The Cornwell Quality Tools breach illustrates persistent cybersecurity challenges for businesses managing both industrial and healthcare-related data.

As supply-chain and manufacturing sectors increasingly handle PHI for workplace health monitoring, rigorous vulnerability management and timely patch deployment become critical.

Experts recommend continuous monitoring of third-party authentication modules, regular penetration testing, and incident response drills to reduce dwell time in the event of future intrusions.

Affected individuals are encouraged to remain vigilant for phishing attempts that leverage stolen medical details, and to enroll in identity theft protection plans.

Cornwell has pledged to bolster its security controls, engage independent auditors to review its protocols, and provide ongoing support services to all impacted customers.

This incident serves as a reminder that comprehensive data governance and rapid remediation efforts are essential to safeguarding customer trust and limiting downstream legal exposure.

Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates

The post Cornwell Quality Tools Data Breach Exposes 100,000 User Records appeared first on Cyber Security News.