For Illinois Gardyn Customers
Specific consumer-protection options for residents of Illinois affected by CISA advisory ICSA-26-055-03.
This page summarizes general legal context for Illinois residents. It is not legal advice. Consult an attorney licensed in Illinois for advice specific to your situation.
What was exposed
Per CISA advisory ICSA-26-055-03 Update A, an unauthenticated cloud API endpoint (CVE-2026-28766) exposed records for approximately 134,215 customers, including names, email addresses, phone numbers, physical addresses, and the last_four partial credit-card field.
Illinois Personal Information Protection Act and BIPA context
Illinois has the Personal Information Protection Act (PIPA, 815 ILCS 530) governing data breach notification, and the Consumer Fraud and Deceptive Business Practices Act (815 ILCS 505).
If you are an Illinois resident potentially affected:
- File a complaint with the Illinois Attorney General’s Consumer Fraud Bureau at illinoisattorneygeneral.gov.
- Consider whether the Consumer Fraud Act provides a private right of action for the conduct at issue. Damages may include actual damages, attorney’s fees, and injunctive relief.
Consult an Illinois consumer-protection or class-action attorney.
Federal options (any state)
- Federal Trade Commission consumer complaint at reportfraud.ftc.gov.
- Identity theft reporting at identitytheft.gov.
- Free fraud alert or credit freeze with the three U.S. credit bureaus (Equifax, Experian, TransUnion).