Johnson Controls recently disclosed that it suffered a data breach that compromised the sensitive personal data of certain individuals.
What Happened?
Johnson Controls, a global leader in smart building technologies, experienced unauthorized access to its systems between February 1 and September 30, 2023. The breach, discovered on September 24, 2023, involved a ransomware attack that resulted in the theft of sensitive information, including names, Social Security numbers, and dates of birth. Affected individuals began receiving notification letters around June 30, 2025, and Johnson Controls is offering complimentary identity protection and credit monitoring services to those impacted.
About Johnson Controls
Johnson Controls serves industries worldwide with products in HVAC, fire safety, security systems, and energy solutions. The company prioritizes cybersecurity, but this incident highlights vulnerabilities affecting thousands.
Was Your Information Impacted by the Breach?
If you received a notice from Johnson Controls, your personal or employment information may have been compromised.
Are You Entitled to Compensation?
Siri & Glimstad LLP is investigating whether Johnson Controls’ failure to adequately secure data entitles victims to compensation for harm caused.
What Should You Do Next?
If you received a data breach letter from Johnson Controls, contact Siri & Glimstad, a nationally recognized and trusted data privacy law firm that has recovered tens of millions of dollars for consumers. The firm’s team of over 80 attorneys and other legal professionals has a winning track record in the data privacy space, holding companies accountable for lax data privacy practices, and securing compensation for millions of consumers.