Data Breach Affected Undisclosed Number of Individuals and May Have Included, Among Other Things, Dental/Treatment, Insurance, Social Security, and Date of Birth Information

On November 12, 2019, reported that “Delta Dental of Arizona is notifying an undisclosed number of individuals that their personal and medical data was potentially breached by a phishing attack in July.”

Delta Dental of Arizona’s “Notice of Data Incident” stated, among other things, that

[o]n or around July 8, 2019, Delta Dental of Arizona became aware of suspicious activity related to an employee’s email account. [Delta Dental of Arizona] immediately commenced an investigation, working with third party forensic investigators, to assess the nature and scope of the email account activity. The investigation confirmed that the employee fell victim to an email phishing scheme that allowed an unauthorized actor to gain access to the email account. While [Delta Dental of Arizona has] no evidence of actual or attempted misuse of any information present in the email account, [Delta Dental of Arizona] could not rule out the possibility of access to data present in the account. Delta Dental of Arizona undertook a lengthy and labor-intensive process to identify the personal information contained in the affected account. In an abundance of caution, Delta Dental of Arizona is notifying individuals because [Delta Dental of Arizona] confirmed that certain personal information was present in the affected account. [Emphasis added.]

Additionally, Delta Dental of Arizona stated that its “. . . investigation determined that the information present in the affected email account may include: name, address, date of birth, Social Security number, Member or Subscription identification number, driver’s license number, government issued identification number, state identification number, passport number, financial account information, credit and/or debit card information, dental/treatment information, dental insurance information, digital signature, and/or username and password.” [Emphasis added.]

According to, “[t]he notification did not explain the delay in reporting the incident. Under HIPAA, covered entities and business associates are required to provide breach notifications within 60 days of discovery.”

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or send an e-mail to [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.