In recent months, data breaches have become increasingly common. Just last week, there were about eight notable data breaches, including those involving Jackson County Hospital District, Lower, LLC, Leiters, Inc., OnDeck, Prothena Corporation, PLC, Fred Hutchinson Cancer Center, Ian Martin PBC, Rainier Arms, LLC.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of a data breach, please see our recent piece on the topic here.
Jackson County Hospital District
The data breach at Jackson County Hospital District leaked the personal information of certain patients and employees. Evidently, on January 9, 2022, Jackson Hospital first noticed that certain computer systems on the hospital’s network were inaccessible. Upon investigating the incident, Jackson County Hospital District confirmed that an unauthorized party had gained access to the hospital’s systems and removed certain files. The compromised data types include patient and employee names, dates of birth, contact information, Social Security numbers, medical history, medical conditions or treatment information, medical record numbers, diagnosis codes, and patient account numbers.
On May 6, 2022, Jackson Hospital sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Lower, LLC.
Lower, LLC, a fintech company based in New Albany, Ohio, recently reported a data breach that leaked sensitive information belonging to certain individuals. Evidently, Lower LLC first learned of the breach on December 14, 2021, when the company detected unusual activity on its computer network. After an investigation, the company confirmed that an unauthorized actor accessed the Lower network and removed certain files sometime between December 10, 2021 and December 14, 2021. A subsequent investigation revealed that there was additional unauthorized activity related to several employee email accounts between September 2, 2021 and December 16, 2021. The data types leaked in the Lower data breach include full names, Social Security numbers, dates of birth, driver’s license numbers, and financial account numbers of affected individuals.
On May 27, 2022, Lower LLC sent out data breach letters to all individuals whose information was compromised as a result of the recent breach.
Leiters, Inc.
Leiters, Inc. recently confirmed a data breach affecting pharmacy patients who filled a prescription between 2016 and 2019. Evidently, on April 11, 2022, Leiters detected unauthorized activity on some of its computer systems. After looking into the incident with the assistance of cybersecurity professionals, the company confirmed that the names, addresses, phone numbers, invoice numbers, prescription information, and credit or debit card information belonging to customers who filled prescriptions between 2016 and 2019 were compromised.
On May 23, 2022, Leiters, Inc. mailed out data breach letters to all individuals whose information was compromised as a result of the recent incident.
OnDeck
The OnDeck breach stemmed from an incident in which an unauthorized party accessed the company’s computer network and transferred sensitive consumer data to a private cloud storage account. Based on the company’s most recent filings, OnDeck first learned of the incident on March 10, 2022, when it detected suspicious activity across its IT network. On March 13, 2022, after investigating the incident, OnDeck confirmed that the unauthorized party copied certain data to a private cloud storage account. By March 17, 2022, OnDeck gained sole control over the online storage account and recovered the data, shutting down access to the account. However, during the period of unauthorized access, the following data was accessible to the unauthorized party: name, Social Security number, tax ID number, driver’s license number, passport number, financial account/payment card account number, and medical or health insurance information.
On June 2, 2022, OnDeck mailed out data breach letters to those individuals whose information was leaked as a result of the breach.
Prothena Corporation, PLC
The Prothena Corporation PLC data breach involved unauthorized access to an employee email account, which enabled hackers to view and possibly retain sensitive consumer data. Prothena does not indicate the date when the company became aware of the incident; however, On May 24, 2022, Prothena determined that, while the breached information varies depending on the individual, it may include individuals’ names, addresses, and Social Security or tax identification numbers. While Prothena did not provide a total number of victims, the company’s investigation confirmed that the unauthorized party had access to the compromised email account for the four-month period between December 20, 2021 and April 22, 2022.
On June 2, 2022, Prothena Corp. sent data breach notification letters to all people whose information was leaked as a result of the recent data security incident.
Fred Hutchinson Cancer Center
Recently, Fred Hutchinson Cancer Center (“Fred Hutch”), formerly Seattle Cancer Care Alliance, reported a data breach affecting the personal and protected health information of certain patients. Evidently, the story of the Fred Hutch breach began on March 26, 2022, when the Center learned that an unauthorized party temporarily gained access to an employee’s email account. After completing an investigation into the incident, Fred Hutchinson Cancer Center confirmed that an unauthorized party was able to access sensitive patient information between March 25, 2022 to March 26, 2022. While the Fred Hutchinson Cancer Center did not elaborate on the nature of the information leaked in the recent breach, it confirmed the data consists of certain patients’ personal and protected health information.
On May 25, 2022, Fred Hutchinson Cancer Center released data breach letters to all patients whose information was compromised.
Ian Martin PBC
The professional staffing company Ian Martin PBC (“the Ian Martin Group,” “Ian Martin”) recently confirmed that the company experienced a data breach resulting in the names and Social Security numbers of 15,351 individuals being compromised. Based on documents filed by the company, on March 23, 2022, the Ian Martin Group identified a suspicious file on its network. After engaging in an investigation into the incident, Ian Martin confirmed that the personal information of 15,351 individuals may have been accessed or acquired by an unauthorized party between March 15, 2022 and March 22, 2022.
On June 2, 2022, Ian Martin sent out data breach letters to all individuals who were affected by the breach, explaining the incident and what they can do to protect themselves from future frauds.
Rainier Arms, LLC
The firearms and firearm part retailer Rainier Arms, LLC recently reported a data breach stemming from what appears to be a data scraping attack. Evidently, in December 2021, Rainier Arms started receiving inquiries from customers who had recently made a purchase on the company’s online store and shortly thereafter experienced unauthorized activity on their credit or debit cards. On April 21, the company concluded its investigation into the incident, confirming that an unauthorized party had installed a line of malicious code on the back-end of the company’s online store. This code was designed to transmit customers’ names and debit or credit card numbers to hackers. The company also noted that the code was in place between June 1, 2021 and January 19, 2021.
On June 2, 2022, Rainier filed official notice of the breach and sent out data breach letters to all affected parties.
