On June 22, 2023, Vitality Group International, Inc. (“Vitality”) filed a notice of data breach with the Attorney General of Montana after discovering that a vulnerability in a file transfer software used by the company allowed hackers to access certain confidential consumer information. In this notice, Vitality explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, dates of birth and health information. Upon completing its investigation, Vitality began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Vitality Group International, Inc., it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, hackers typically either use stolen information themselves to commit frauds against consumers or sell the stolen data to another criminal who uses it as they see fit. In either case, a data breach significantly increases your risk of identity theft and other frauds. However, a data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Vitality Group data breach.
What Caused the Vitality Group Breach?
The Vitality Group data breach was only recently announced, and more information is expected in the near future. However, Vitality’s filing with the Attorney General of Montana provides some important information on what led to the breach. According to this source, Vitality recently identified that the MOVEit software used by the company to transmit certain files contained a zero-day vulnerability.
Upon learning of the zero-day vulnerability, Vitality launched an investigation to learn more about the nature and scope of the incident. Vitality also shut down access to the affected server.
Through its investigation, Vitality was able to determine that hackers were able to access and remove certain files containing confidential consumer information.
After learning that sensitive consumer data was accessible to an unauthorized party, Vitality Group reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, date of birth, and health information.
On June 22, 2023, Vitality Group sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of which information of theirs was compromised.
More Information About Vitality Group International, Inc.
Founded in 2005, Vitality Group International, Inc. is a healthcare software company based in Chicago, Illinois. The company provides a mobile platform that provides health and wellness updates in real-time, encouraging users to prioritize their health through incentives, data and behavioral science. Vitality’s software is used by more than 30 million people in 40 markets across the world. Vitality Group employs more than 359 people and generates approximately $99 million in annual revenue.
