Third-Party Vendor of McLaren Health Plan Subject of Phishing Attack

McLaren Health Plan Notifies Members of Phishing Attack at One of Its Third-Party Vendors

Beckershospitalreview.com reported (“Michigan insurer alerts members of data breach”) that “. . . McLaren Health Plan began notifying members Nov. 27 of a phishing attack at one of the insurer’s third-party vendors, according to mlive.com.”

According to mlive.com (“McLaren patient information may have been accessed in phishing scam”):

“Magellan Health, Inc. announced Wednesday Nov. 27, its subsidiary, Magellan Rx Management, discovered that an anonymous, unauthorized third party accessed the email account of one employee who handled member data for McLaren Health Plan in Flint.”

Magellan Rx was contracted with McLaren Health Plan through December 31 of 2018, according to a Magellan Rx Management news release.

On July 5, Magellan Health, Inc. learned an unauthorized party accessed an employee’s email May 28. The company immediately secured the employee’s email account and conducted a “thorough investigation” of all email accounts and all other Magellan systems.

Beckershospitalreview.com reported that “Patient data that may have been exposed included names, dates of birth, identification numbers, health plan information, providers, diagnosis, drug information and authorization information.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs. Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.

Macy’s Data Breach – Macy’s Customer Data May Have Been Exposed

On November 19, 2019, Tripwire.com reported (“Macy’s Says Security Incident Might Have Exposed Customers’ Data”) that

Macy’s is notifying customers about a data security incident that might have exposed some of their personal and financial information.

The American department chain store said that it first learned of the incident back in mid-October. At that time, Macy’s security teams launched an investigation into a suspicious connection between macys.com and another website. They found that an unauthorized third party had added unapproved code to two of the chain’s web pages: the checkout page and the wallet page, which is accessible via My Accounts.

This code might have exposed customers’ personal and financial information in the event they used Macy’s website to make a purchase or store their payment data. These details might have included customers’ names, email addresses and payment card credentials. [Emphasis added.]

On November 18, 2019, Bleepingcomputer.com reported (“Macy’s Customer Payment Info Stolen in Magecart Data Breach”) that

Macy’s has announced that they have suffered a data breach due to their web site being hacked with malicious scripts that steal customer’s payment information.

This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer.

According to a ‘Notice of Data Breach’ issued by Macy’s, their web site was hacked on October 7th, 2019 and a malicious script was added to the ‘Checkout’ and ‘My Wallet’ pages. If any payment information was submitted on these pages while they were compromised, the credit card details and customer information was sent to a remote site under the attacker’s control. [Emphasis added.]

Solara Medical Supplies Data Breach Stemming From Phishing Scam

Phishing E-Mail Campaign Allowed Unknown Actor To Gain Access to Employee Office 365 Accounts From April 2, 2019 to June 20, 2019

On November 13, 2019, Solara Medical Supplies, LLC (“Solara”), issued a press release providing notice of a data incident “that may affect the security of some information relating to certain individuals associated with Solara including current and former patients and employees.”

The “Notice of Data Incident” stated, among other things, the following:

On June 28, 2019, Solara determined that an unknown actor gained access to a limited number of employee Office 365 accounts, from April 2, 2019 to June 20, 2019, as a result of a phishing email campaign. Solara worked with third party forensic experts to investigate and respond to this incident and confirm the security of relevant Solara systems. Through this investigation on July 3, 2019, Solara determined that certain information present within the employee Office 365 accounts may have been accessed or acquired by an unknown actor at the time of the incident.  Solara undertook a comprehensive manual and programmatic review of the accounts to identify what personal information was stored within the accounts and to whom that information related. [Emphasis added.]

Further, the “Notice of Data Incident” stated that

[t]he personal information present in the accounts at the time of the incident varied by individual but may have included first and last names and one or more of the following data elements: name, address, date of birth, Social Security number, Employee Identification Number, medical information, health insurance information, financial information, credit / debit card information, driver’s license / state ID, passport information, password / PIN or account login information, billing / claims information, and Medicare ID / Medicaid ID. [Emphasis added.]

Delta Dental of Arizona – Phishing Scheme Data Breach

Data Breach Affected Undisclosed Number of Individuals and May Have Included, Among Other Things, Dental/Treatment, Insurance, Social Security, and Date of Birth Information

On November 12, 2019, Healthitsecurity.com reported that “Delta Dental of Arizona is notifying an undisclosed number of individuals that their personal and medical data was potentially breached by a phishing attack in July.”

Delta Dental of Arizona’s “Notice of Data Incident” stated, among other things, that

[o]n or around July 8, 2019, Delta Dental of Arizona became aware of suspicious activity related to an employee’s email account. [Delta Dental of Arizona] immediately commenced an investigation, working with third party forensic investigators, to assess the nature and scope of the email account activity. The investigation confirmed that the employee fell victim to an email phishing scheme that allowed an unauthorized actor to gain access to the email account. While [Delta Dental of Arizona has] no evidence of actual or attempted misuse of any information present in the email account, [Delta Dental of Arizona] could not rule out the possibility of access to data present in the account. Delta Dental of Arizona undertook a lengthy and labor-intensive process to identify the personal information contained in the affected account. In an abundance of caution, Delta Dental of Arizona is notifying individuals because [Delta Dental of Arizona] confirmed that certain personal information was present in the affected account. [Emphasis added.]

Additionally, Delta Dental of Arizona stated that its “. . . investigation determined that the information present in the affected email account may include: name, address, date of birth, Social Security number, Member or Subscription identification number, driver’s license number, government issued identification number, state identification number, passport number, financial account information, credit and/or debit card information, dental/treatment information, dental insurance information, digital signature, and/or username and password.” [Emphasis added.]

According to Healthitsecurity.com, “[t]he notification did not explain the delay in reporting the incident. Under HIPAA, covered entities and business associates are required to provide breach notifications within 60 days of discovery.”

Adverum Biotechnologies, Inc. Securities Investigation – ADVM

Adverum Biotechnologies Shareholder Alert – Kehoe Law Firm, P.C. Investigating Potential Securities Claims on Behalf of Investors of Adverum Biotechnologies, Inc. – ADVM

PHILADELPHIA, November 11, 2019 (GLOBE NEWSWIRE) – Kehoe Law Firm, P.C. is investigating potential securities claims on behalf of investors of Adverum Biotechnologies (“Adverum” or the “Company”) (NasdaqGS: ADVM) concerning possible violations of the federal securities laws.

Investors of Adverum Biotechnologies who have suffered losses are encouraged to contact John Kehoe, Esq., (215) 792-6676, Ext. 801, [email protected], or Kevin Cauley, Director of Business Development, (215) 792-6676, Ext. 802, [email protected], [email protected], to learn more about the investigation or potential legal claims.

Kehoe Law Firm, P.C., with offices in New York and Philadelphia, is a multidisciplinary, plaintiff-side law firm dedicated to protecting investors from securities fraud, breaches of fiduciary duties, and corporate misconduct. Combined, the partners at Kehoe Law Firm have served as Lead Counsel or Co-Lead Counsel in cases that have recovered more than $10 billion on behalf of institutional and individual investors.
