Feb 24, 2022 | Data Breach
Creative Services, Inc., On Its Behalf and On Behalf of Relevant Data Owners, Reports Data Breach Affecting 164,673 Individuals.
Creative Services, Inc. (“Creative Services”) reported a data breach involving information that may include name and date of birth, Social Security number, and/or driver’s license number.
Creative Services is a company that “conducts background checks for employment and licensing purposes.” Creative Services “obtains certain personal information related to current and former employees, as well as employment candidates, of its customers in furtherance of the services it performs on behalf of its customers.”
The information that was subject of the company’s data breach notification concerns “information that Creative Services obtained from or on behalf of its business customers (the ‘Data Owners’) in relation to individuals associated with or employed by those customers.” An investigation determined that certain data files may have been copied from Creative Service’s systems on November 23, 2021 as part of a cyber attack. Based on the company’s data breach investigation, it was determined that the information involved may include name and date of birth, Social Security number, and/or driver’s license number.
For more information about the Creative Services data breach, please CLICK HERE.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
Feb 23, 2022 | Data Breach
Logan Health Medical Center Reports Data Breach Affecting 213,543 Individuals.
Logan Health Medical Center reported that on November 22, 2021, it became aware of suspicious activity in its systems, including evidence of unauthorized access to one file server that includes shared folders for business operations.
Logan Health Medical Center reported that on January 5, 2022, their investigation determined the data breach resulted in unauthorized access to certain files, which contained personal information related to patients, employees and business associates. According to the company, the information that could have been subject to unauthorized access varies by individual, but includes name, Social Security number, and date of birth.
For more information about the Logan Health Medical Center data breach, please CLICK HERE.
Source: Office of The Maine Attorney General, Data Breach Notifications.
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
Feb 16, 2022 | Data Breach
Have you been harmed by a data breach which has exposed your personal or protected health information?
Morley Companies Subject of Another Class Action Lawsuit; Acuity International Subsidiary Comprehensive Health Services Suffers Data Breach Affecting 94,449 Individuals.
Information compromised from the data breach of this company, which processes information for health plans, that may have been subject to unauthorized access included name, date of birth, Social Security number, driver’s license number, and health information.
For more information about the data breach, please click Morley Companies, Inc. Data Breach Notification and Morley Companies, Inc. Data Breach Notification Update.
On February 10, 2022, a class action lawsuit was filed in United States District Court, Eastern District of Michigan, Northern Division, against Morley Companies, Inc. “on behalf of individuals whose sensitive personal information was stolen by cybercriminals in a massive ransomware type malware attack on Defendant Morley beginning July 20, 2021, and first observed August 1, 2021.”
On February 15, 2022, another class action lawsuit was filed in United States District Court, Eastern District of Michigan, against Morley Companies, Inc. as a result of the recent cyberattack and data breach.
Information from the data breach of Comprehensive Health Services, a subsidiary of Acuity International, may have included unauthorized access to personal information, such as names and Social Security number.
For more information about the data breach, please click Comprehensive Health Services Notification Letter.
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud, due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
Feb 9, 2022 | Data Breach
Recent Data Breach Notifications – National Math and Science Initiative / AccelHealth / Injured Workers Pharmacy / Morley Companies, Inc.
Information compromised from the data breach of this company, which processes information for health plans, that may have been subject to unauthorized accessed included name, date of birth, Social Security number, driver’s license number, and health information.
For more information about the data breach, please click Morley Companies, Inc. Data Breach Notification and Morley Companies, Inc. Data Breach Notification Update.
On February 10, 2022, a class action lawsuit was filed in United States District Court, Eastern District of Michigan, Northern Division, against Morley Companies, Inc. “on behalf of individuals whose sensitive personal information was stolen by cybercriminals in a massive ransomware type malware attack on Defendant Morley beginning July 20, 2021, and first observed August 1, 2021.”
Information compromised from the data breach of this education organization that could have been subject to unauthorized access included name, address, and Social Security number.
For more information about the data breach, please click National Math and Science Initiative Data Breach Notification.
Information compromised from the data breach of this healthcare organization which could have been subject to unauthorized access included name, address, date of birth, Social Security number, driver’s license number, financial account information, health insurance information, medical record number, and treatment/diagnosis information.
For more information about the data breach, please click AccelHealth Data Breach Notification.
Information compromised from the data breach of this healthcare company which could have been subject to unauthorized access included name, address, and Social Security number.
For more information about the data breach, please click Injured Workers Pharmacy Data Breach Notification.
Source (except for lawsuit information): Office of The Maine Attorney General, Data Breach Notifications.
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud, due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
Feb 1, 2022 | Data Breach
ReproSource Fertility Diagnostics, Inc. – Data Security Incident Affects 350,000 Individuals*
ReproSource Fertility Diagnostics has reported that on August 8, 2021, an unauthorized party accessed the ReproSource network. The company discovered ransomware on August 10, 2021.
The company’s investigation did not confirm that the unauthorized party acquired data in the incident, but out of an abundance of caution, ReproSource Fertility Diagnostics notified individuals whose personal information may have been accessed.
According to the company, the personal information included name and one or more of the following: address, phone number, email address, date of birth, billing and health information, such as CPT codes, diagnosis codes, test requisitions and results, test reports and/or medical history information, health insurance or group plan identification names and numbers, and other information provided by the individual or treating physician.
Have You Been Harmed As A Result Of A Data Breach Which Has Exposed Your Private Personal, Protected Health Or Personally Identifiable Information?
If you have experienced actual or attempted harm or been the victim of fraud, due to the illegal or unauthorized exposure of your private personal, protected health or personally identifiable information, please contact Kehoe Law Firm, P.C., [email protected], for a free, confidential consultation and no-obligation evaluation of potential legal claims.
*Source: Office of The Maine Attorney General, Data Breach Notifications.
Jan 29, 2022 | Blog, Data Breach
Cybercriminals Tampering With Quick Response (“QR”) Codes To Redirect Victims To Malicious Sites That Steal Login & Financial Information
A QR code is a square barcode that a smartphone camera can scan and read to provide quick access to a website, to prompt the download of an application, and to direct payment to an intended recipient. Businesses use QR codes legitimately to provide convenient contactless access and have used them more frequently during the COVID-19 pandemic. Cybercriminals, however, are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use.
Cybercriminals tamper with both digital and physical QR codes to replace legitimate codes with malicious codes. A victim scans what they think to be a legitimate code but the tampered code directs victims to a malicious site, which prompts them to enter login and financial information. Access to this victim information gives the cybercriminal the ability to potentially steal funds through victim accounts.
Malicious QR codes may also contain embedded malware, allowing a criminal to gain access to the victim’s mobile device and steal the victim’s location as well as personal and financial information. The cybercriminal can leverage the stolen financial information to withdraw funds from victim accounts.
Businesses and individuals also use QR codes to facilitate payment. A business provides customers with a QR code directing them to a site where they can complete a payment transaction, but a cybercriminal can replace the intended code with a tampered QR code and redirect the sender’s payment for cybercriminal use.
While QR codes are not malicious in nature, it is important to practice caution when entering financial information as well as providing payment through a site navigated to through a QR code. Law enforcement cannot guarantee the recovery of lost funds after transfer.
FBI Tips To Protect Yourself
- Once you scan a QR code, check the URL to make sure it is the intended site and looks authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Practice caution when entering login, personal, or financial information from a site navigated to from a QR code.
- If scanning a physical QR code, ensure the code has not been tampered with, such as with a sticker placed on top of the original code.
- Do not download an app from a QR code. Use your phone’s app store for a safer download.
- If you receive an email stating a payment failed from a company you recently made a purchase with and the company states you can only complete the payment through a QR code, call the company to verify. Locate the company’s phone number through a trusted site rather than a number provided in the email.
- Do not download a QR code scanner app. This increases your risk of downloading malware onto your device. Most phones have a built-in scanner through the camera app.
- If you receive a QR code that you believe to be from someone you know, reach out to them through a known number or address to verify that the code is from them.
- Avoid making payments through a site navigated to from a QR code. Instead, manually enter a known and trusted URL to complete the payment.
The FBI advises that if you believe you have been a victim of stolen funds from a tampered QR code, report the fraud to your local FBI field office at www.fbi.gov/contact-us/field-offices. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.
Source: FBI/ic3.gov
Have You Been Harmed As A Result Of A Data Breach Or Malicious Cyber Activity?
Victims who have been harmed as the result of the illegal or unauthorized use of their personal information due to a data breach or other malicious cyber activity are encouraged to complete the form above on the right or e-mail [email protected] for a free, no-obligation evaluation of potential legal claims.
