Magellan Health Reports Ransomware Attack – Records Included Personal Information (E.g., Name, Address, Employee ID Number) and W-2 or 1099 Details (E.g., Social Security Number or Taxpayer ID Number) 

Kehoe Law Firm, P.C. is making consumers aware that Magellan Health, Inc. submitted a breach notification sample to the State of California Department of Justice, Office of the Attorney General, stating that on April 11, 2020 Magellan Health was “the victim of a criminal ransomware attack.” 

Magellan’s breach notification stated, among other things, that “[t]he unauthorized actor gained access to Magellan’s systems after sending a phishing email on April 6 that impersonated a Magellan client.” The breach notification also stated  that “prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some . . . personal information,” and that “[i]n limited instances, and only with respect to certain current employees, the unauthorized actor also used a piece of malware designed to steal login credentials and passwords.”

Magellan Health reported that “[t]he exfiltrated records include personal information such as name, address, employee ID number, and W-2 or 1099 details such as Social Security number or Taxpayer ID number and, in limited circumstances, may also include usernames and passwords.” [Emphasis added.]

Have You Been Impacted by A Data Breach?

If so, please either contact Kehoe Law Firm, P.C. Partner Michael Yarnoff, Esq., (215) 792-6676, Ext. 804, [email protected], complete the form on the right or e-mail [email protected] for a free, no-obligation case evaluation of your facts to determine whether your privacy rights have been violated and whether there is a basis for a data privacy class action.

Examples of the type of relief sought by data privacy class actions, include, but are not limited to, reimbursement of identity theft losses and of out-of-pocket costs paid by data breach victims for protective measures such as credit monitoring services, credit reports, and credit freezes; compensation for time spent responding to the breach; imposition of credit monitoring services and identity theft insurance, paid for by the defendant company; and improvements to the defendant company’s data security systems.

Data privacy class actions are brought on a contingent-fee basis; thus, plaintiffs and the class members do not pay out-of-pocket attorney’s fees or litigation costs.  Subject to court approval, attorney’s fees and litigation costs are derived from the recovery obtained for the class.

Kehoe Law Firm, P.C.