Tag Archive for: ASSOCIATES

HomeTrust Mortgage Reports Data Breach in the Wake of Ransomware Attack | Console and Associates, P.C.

/in


On November 23, 2022, HomeTrust Mortgage reported a data breach with the Attorney General of Montana after hackers carried out a successful ransomware attack against the company, compromising consumer data stored on the company’s computer system. According to HomeTrust Mortgage, the breach resulted in the names, addresses and Social Security numbers of certain customers being compromised. Recently, HomeTrust Mortgage sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

If you were shocked to receive a data breach letter from a mortgage bank, you are not alone. Consumers implicitly trust companies—especially those in the financial services industry—to keep their information secure. Not surprisingly, these businesses are frequently targeted in cyberattacks because they typically store information that is valuable to hackers. However, as we’ve discussed in other posts, U.S. data breach laws allow for victims of a data breach to pursue a claim for compensation against any company that negligently leaked their data. While it’s too early to tell if HomeTrust Mortgage was negligent, that possibility cannot be ruled out.

What We Know About the Home Mortgage of America Data Breach

The available information regarding the Home Mortgage of America breach comes from the company’s filing with the Attorney General of Montana. According to this source, on July 15, 2022, HomeTrust Mortgage was made aware of suspicious activity within its computer system. In response, the company began working with third-party data security experts to better understand the incident and whether any consumer information was compromised as a result.

The HomeTrust Mortgage investigation confirmed that the company was victimized in a ransomware attack and that an unauthorized party had gained access to the HomeTrust Mortgage network. The investigation also revealed that the unauthorized party removed some of the files from the company’s network and that these files contained sensitive consumer information.

Upon discovering that sensitive consumer data was made available to an unauthorized…

Source…

FMC Services, LLC Announces Data Breach Affecting More than 230k People’s Sensitive Information | Console and Associates, P.C.

/in


On September 23, 2022, FMC Services, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to sensitive consumer data contained on FMC’s network. According to FMC, the breach resulted in the names, addresses, Social Security numbers, dates of birth and protected health information of certain patients and former patients being compromised. Recently, FMC sent out data breach letters to all affected parties, informing them of the incident and what they can do to protect themselves from identity theft and other frauds.

What We Know About the FMC Services Data Breach

News of the FMC data breach comes from the company’s official filing with the U.S. Department of Health and Human Services Office for Civil Rights, as well as a notice posted on the FMC website. According to these sources, on July 26, 2022, FMC Services learned that it had been the target of a cyberattack. More specifically, management was informed that hackers had “attempted to infiltrate” FMC’s computer system and demanded a ransom.

In response, the company secured its systems, stopped all unauthorized access, and began working with an independent cybersecurity firm to investigate the incident. This investigation confirmed that the hackers were able to access certain files contained on the FMC network and that these files contained sensitive information belonging to some patients.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, FMC Services then reviewed the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, mailing address, date of birth, Social Security number, and protected health information.

On September 23, 2022, FMC Services sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. According to FMC Service’s filing with the U.S. Department of Health and Human Services Office for Civil Rights, 233,948 people were impacted by the breach.

FMC Services, LLC is a healthcare services company based in Amarillo,…

Source…

NAF, Inc. Reports Data Breach Following Unauthorized Access to the Organization’s Computer Systems | Console and Associates, P.C.

/in


On August 10, 2022, NAF, Inc. reported a data breach with the various state attorney generals’ offices. While these filings do not indicate which type of information was compromised as a result of the incident, based on state data breach reporting requirements, it is likely that the incident affected one or more of the following: Social Security numbers, protected health information, or financial account information. After confirming the breach and identifying all affected parties, NAF began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the NAF data breach, please see our recent piece on the topic here.

What We Know About the NAF Data Breach

The information about the NAF, Inc. data breach comes from an official filing with the office of the Vermont Attorney General. According to the most current information, on March 30, 2022, NAF detected unusual activity within its computer network. In response, the organization secured its systems and contacted outside cybersecurity professionals to assist with the company’s investigation.

The NAF investigation confirmed that an unauthorized party gained access to the company’s computer network on March 19, 2022, which lasted until the company discovered the breach on March 30, 2022. The investigation also revealed that the unauthorized party had access to files on the NAF system that potentially contained sensitive consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, NAF began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. In the organization’s most recent filings, it does not disclose the data elements that were compromised as a result of the breach. However, because organizations only need to report incidents that affect highly sensitive and personal information, there is a reasonable probability that the NAF data…

Source…

Central Licensing Bureau, Inc. Falls Victim to Ransomware Attack, Resulting in Leaked Consumer Data | Console and Associates, P.C.

/in


Recently, Central Licensing Bureau, Inc. confirmed that the company experienced a data breach following a ransomware attack. According to the CLB, the breach resulted in the first and last names, addresses, dates of birth, Social Security numbers and driver’s license numbers of affected parties being compromised. On July 8, 2022, CLB filed an official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Central Licensing Bureau data breach, please see our recent piece on the topic here.

Additional Details About the Central Licensing Bureau Data Breach

According to an official notice filed by the company, on November 29, 2021, Central Licensing Bureau detected a ransomware attack in which an unauthorized party accessed and disabled portions of the company’s computer systems. In response, CLB enlisted the assistance of a third-party cybersecurity forensic firm to further secure its systems and investigate the incident. As a result of this investigation, the Central Licensing Bureau learned that the unauthorized party orchestrating the attack was able to gain access to certain files containing consumer data.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Central Licensing Bureau then reviewed the affected files to determine which consumers were affected and what information of theirs was accessible to the unauthorized party. The Central Licensing Bureau completed this process on June 10, 2022. While the breached information varies depending on the individual, it may include your first and last name, address, date of birth, social security number, and driver’s license number.

On July 8, 2022, Central Licensing Bureau sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Founded in 1982, Central Licensing Bureau, Inc. is a company that provides support services to the…

Source…