Weekly Data Breach Alert (Updated) | Console and Colleagues, PC

Data breaches have become more common in recent years. In fact, the total number of data breaches increased by 68% from 2020 to 2021. Just last week, there were about 14 data breaches, including those involving Fairfield County Implants & Periodontics, Wells Fargo, El Monte RV, Parami, Great Plains Beef and Lone Creek Cattle Company, Simonson Lumber, Elephant Insurance, WellDyneRx, North Alabama Bone & Joint Clinic, Cornish College of the Arts, Oklahoma City Indian Clinic, NuLife Med, Quantum Imaging & Therapeutic Associates, Inc. and Covenant Care California, LLC.

If you are notified of a data breach, you must understand what is at risk and what you can do about it.To learn more about how to protect yourself from being a victim of fraud or identity theft, and what your legal options are after a data breach, see our recent article on the topic here.

Fairfield County Implants and Periodontics

On March 2, 2022, Fairfield County Implants & Periodontics first became aware of an incident involving unauthorized access to employee email accounts. In response, the company investigated the incident and found that an unauthorized party was able to view and possibly retrieve sensitive information belonging to certain consumers.

While the information leaked varies by individual, it may include the affected party’s name, address, date of birth, phone number, email address, Social Security number, health insurance information, and medical history and treatment information.

On April 15, 2022, Fairfield County Implants & Periodontics issued a data breach letter to those whose information was compromised in the breach.

FuGuo bank

Little is known about the Wells Fargo breach because it happened only recently. However, according to official Wells Fargo filings, on January 2, 2022, the company first became aware of a data security incident. After investigating this incident, Wells Fargo was informed that several days earlier, on December 31, 2021, there was unauthorized access to the company’s computer network. Wells Fargo has not disclosed what information was compromised by the breach.

On May 5, 2022, Wells Fargo sent a data breach letter to those whose information was compromised in the breach.

El Monte RV

In late January 2021, El Monte RV first detected unauthorized activity on its computer network. In response, the company investigated the incident to determine if any consumer information was leaked as a result. On April 5, 2022, El Monte RV confirmed that the breach resulted in the compromise of certain consumer data. Apparently, an unauthorized party had access to the company’s network between January 22 and January 24, 2022.

On May 5, 2022, El Monte RV issued a data breach letter to those whose information was compromised in the breach.

Palamite

The Paramit breach stemmed from unauthorized access to the company’s computer systems that occurred on April 8, 2022. After discovering the unauthorized activity, Parami investigated the incident and confirmed that sensitive consumer data was compromised as a result.

Parmit then conducted a detailed review of all compromised data to determine which parties were affected and which information was compromised. While the information leaked varies by individual, it may include the names, Social Security numbers, and dates of birth of affected individuals.

On May 5, 2022, Parmit sent a data breach letter to those whose information was compromised in the breach.

Great Plains Beef and Lone Creek Cattle Company

The Great Plains Beef and Lone Creek Cattle Company violations involve two separate but related companies, both involved in beef production. On October 1, 2021, the two companies first became aware of a data security incident affecting the company’s computer systems. Through subsequent investigations, the companies confirmed that an unauthorized party was able to access sensitive consumer information. On May 4, 2022, the Great Plains Beef and Lone Creek Cattle Company completed a review of all affected documents and identified those responsible for the breach. However, neither company provided a list of compromised data.

On May 4, 2022, Great Plains Beef and Lone Creek Cattle sent data breach letters to those whose information was compromised in the breach.

simonson wood

On April 9, 2022, Simonson Lumber detected what the company believes may be unauthorized access to its computer systems. This prompted Simonson Lumber to investigate the incident, which established that an unauthorized party was able to access, view and possibly obtain sensitive consumer information.

While the information leaked varies by individual, it may include the consumer’s name, mailing address, phone number, date of birth, Social Security number, driver’s license number, and credit card or bank account numbers.

On May 6, 2022, Simonson Lumber sent a data breach letter to those whose information was compromised in the breach.

Elephant Insurance

In April, Elephant Insurance determined there was unusual activity on its computer systems. The company sought the assistance of third-party cybersecurity experts to investigate the incident. The investigation confirmed that an unauthorized party was able to access sensitive information contained on the company’s servers. On April 25, 2022, the company completed a review of the compromised documents.

The elephant insurance breach resulted in the affected parties’ names, driver’s license numbers and dates of birth being affected. On May 6, 2022, Elephant Insurance issued a data breach letter to the information leaker in the information breach.

WellDyneRx

WellDyneRx’s breach was first discovered on December 2, 2021, when the company became aware of suspicious activity related to the company’s email accounts. Following an investigation into the incident, WellDyneRx confirmed that between October 30, 2021 and November 11, 2021, an unauthorized party was able to access and potentially delete sensitive files from the company’s network.

As a result of the WellDyneRx data breach, the following information was compromised: Name, Date of Birth, Social Security Number, Driver’s License Number, Treatment Information, Health Insurance Information, Contact Information, Prescribing Information, and other medical and healthcare related information.

On May 6, 2022, WellDyneRx sent a data breach letter to those whose information was compromised in the breach.

North Alabama Bone and Joint Clinic

On March 9, 2022, the North Alabama Bone and Joint Clinic discovered suspicious activity on its computer systems. This prompted the company to investigate the incident. Through this investigation, the company confirmed that on March 9, 2022, an unauthorized party was able to access multiple employee email accounts.

The leaked information included names of affected parties, contact information, financial information, dates of birth, family information, medical record numbers, prescribing information, medical and clinical information, including diagnosis and treatment history, and health insurance information.

On May 6, 2022, the North Alabama Bone and Joint Clinic posted a notice of violation on its website. Once North Alabama Bone & Joint Clinic has identified all parties affected by the data breach, the company may send them a data breach notification letter.

Cornwall School of Art

The data breach at Cornwall College of Art was first discovered after the school learned that an unauthorized party may have attempted to gain access to its computer network. Following an investigation into the incident, Cornwall College of Art confirmed on April 4, 2022 that between June 6, 2021 and June 10, 2021, an unauthorized party was able to access and possibly access the school’s network from Delete sensitive files.

The compromised information included full names, Social Security numbers, financial account information and security codes, payment card information, driver’s license numbers, health insurance information, passport numbers, digital signatures, and medical information of affected parties.

On May 6, 2022, Cornwall College of Art issued a data breach letter to those whose information was compromised in the breach.

Oklahoma City Indian Clinic

The Oklahoma City Indian Clinic (“OKCIC”) recently reported a breach that exposed sensitive information on as many as 38,239 individuals. On March 10, 2022, the clinic first became aware of a data security incident affecting some of its computer systems, according to a notice posted on OKCIC’s website. In response, OKCIC hired cybersecurity experts to investigate the breach, confirming that an unauthorized party was able to access and potentially retain consumer data. The violations included the affected individuals’ names, dates of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, tribal ID numbers, Social Security numbers and driver’s license numbers.

On May 9, 2022, OKCIC sent a data breach letter to those whose information was compromised in the breach.

Nu Life Med, LLC

The company first detected the NuLife Med vulnerability on March 11, 2022, when employees noticed suspicious activity on the company network. Following this discovery, NuLife Med consulted with external cybersecurity experts to investigate the incident. The investigation revealed that between March 9, 2022 and March 11, 2022, an unauthorized party was able to access files containing sensitive consumer data.

The information leaked in the breach included the names, addresses, Social Security numbers, medical and health insurance information of affected parties, as well as financial account or credit card information.

After identifying all consumers affected by the breach, on May 9, 2022 NuLife Med sent a data breach letter to all affected parties explaining the incident and what they can do to protect themselves from identity theft and other frauds.

Quantum Imaging & Therapeutic Associates, Inc.

On May 9, 2022, Quantum Imaging & Therapeutic Associates, Inc. (“QITA”) filed a formal notification regarding a data breach resulting from unauthorized access to the company’s IT network. According to the notice provided by Qida, the data security incident was first discovered on October 7, 2021. At this point, Qida launched an investigation into the incident to determine if any consumer data was affected. While QITA claims to have blocked the intrusion, the company could not confirm that consumer data was not affected. Data that may be affected includes certain consumers’ names, mailing addresses, dates of birth, Social Security numbers and protected health information.

After identifying all consumers affected by the data breach, Quantum Imaging & Therapeutic Associates sent a data breach letter on May 9, 2022 to all affected parties explaining the incident and what they can do to protect themselves Safe from identity theft and other fraud.

California Covenant Care LLC

The Covenant Care California breach originated at the company’s Wagner Heights Nursing and Rehabilitation Center facility when an unauthorized party was able to access employees’ email accounts. Apparently, the employee responded to the email phishing attack on or around February 24, 2022. After learning of the cybersecurity incident, California-based Covenant Care investigated the incident to determine if any patient data was compromised as a result. Subsequently, on April 18, 2022, the company confirmed that certain patients’ medical records were available through the employee’s email account.

After learning that an unauthorized party had access to sensitive patient data, Covenant Care California conducted a detailed review of the affected files to determine the extent of the compromised information. On May 6, 2022, Covenant Care California sent a data breach letter to all patients whose information was compromised as a result of a recent data security incident.

Leave a Reply

Your email address will not be published. Required fields are marked *