Every time you pay for a purchase with a credit card or a check, you trust the merchant with your financial secrets.
Whenever you visit a doctor, are treated in a hospital, or sign up for health insurance, you expose your precious personal information to strangers.
For a free consultation and more information about your legal options, please contact us today.
Get a Free Case Review
In your interactions with government offices, service providers, and even your own employer, you are vulnerable; you are sharing valuable data that, if not properly guarded, thieves can exploit.
Virtually all your financial and medical interactions amount to exercises in trust of people you don’t know. You are depending on others to protect your information from criminals who know how to use it to steal and can devastate your financial health.
Weitz & Luxenberg believes your trust should not be violated. Your information deserves the same care as any other valuable asset. Jewelry stores wouldn’t remain in business very long if they left their doors unlocked at night.
But in far too many cases, innocent people are being let down by those they trust. And things only seem to be getting worse, even as news coverage has brought the importance of data protection to light.
Data Breaches Hit Record
In 2016 alone, the nonprofit Identity Theft Resource Center (ITRC) documented 1,093 data breaches that exposed more than 36 million records, an all-time record that topped the previous record by 40%. (1)
The ITRC Data Breach Report detailed cases involving data kept by government offices, medical and insurance companies, websites, banking and financial institutions, educational facilities, and other businesses. (2)
The breaches included incidents of hacking, stolen and misplaced laptop computers, and medical patient documents being carelessly handled. (3) In one documented instance, a psychiatric hospital patient gained access to other patients’ information through a hospital library computer and then posted the information on social media. (4)
The incidents documented by the ITRC ranged from small numbers of records being mishandled to millions of people’s sensitive data being compromised when a personal laptop and hard drives were taken by burglars who broke into a federal Office of Child Support Enforcement building in Washington state. (5)
We would feel privileged to assist you. For a free consultation and more information about your legal options, please contact us today.
Large-Scale Data Breaches
In addition, mind-boggling, large-scale data breaches have been documented in the media and in Congress.
At least five of those breaches each compromised 100 million records or more:
- More than 1 billion Yahoo user accounts were compromised in a data theft in August 2013, in addition to more than 500 million accounts that were breached in 2014. (6)
- Time Inc. announced in May 2016 that a Russian cyberhacker obtained 360 million Myspace users’ account login data, which was made available on an online hacker forum. (7) (8)
- More than 100 million LinkedIn users’ account information was offered for sale online following a 2012 breach. Four years later, USA Today reported up to 100 million LinkedIn participants were advised to change their passwords. (9) (10)
- Hackers were able to access personal data of 145 million eBay customers by breaking into a database with information that included names, birth dates, email addresses, passwords, addresses, and phone numbers, information experts said could be used for identity theft. (11)
- The chief financial officer for Target apologized to Congress and the American public for what he said was a criminal attack and data breach that compromised the personal information of 110 million customers. (12)
Low Profile Breaches Common
As frightening as those high-profile breaches are, most unauthorized data releases happen in smaller doses that escape the bright national spotlight. For example, car dealerships customers’ and employees’ data were exposed online. And a union pension plan was the victim of a ransomware attack. Military veterans’ data was compromised at a U.S. Department of Veterans Affairs health system in Colorado. (13) And the Trump Hotel Chain agreed to pay a $50,000 penalty and change its data security after credit card numbers and other information for 70,000 customers were exposed in data breaches. (14)
The financial and emotional harm being caused to innocent citizens by lax data security practices is enormous. As the acting chairman of the Federal Trade Commission told a Congressional committee, “Failing to take reasonable precautions to secure data from identity thieves and other malicious actors hurts consumers and legitimate businesses alike.” (15)
According to the U.S. Department of Justice’s Bureau of Justice Statistics, 17.6 million people in the United States were victims of identity theft in 2014.
That year, the most common type of ID theft was the unauthorized misuse of an existing account, such as fraudulent use of a credit card or use of existing telephone, bank, online, or insurance accounts. (16)
While most identity theft victims were able to resolve their issues within a day or less, about 9% — 1.5 million people — spent more than a month trying to fix the problems, according to the bureau. “Victims who spent more time resolving the associated problems were more likely to experience problems with work and personal relationships and severe emotional distress,” the bureau said in a news release. “Among identity theft victims who spent six months or more resolving financial and credit problems due to the theft, 29 percent experienced severe emotional distress.” (16)
Health Care Information at Risk
When visiting the doctor, or being treated in a hospital, you are often at your most vulnerable. You shouldn’t have to worry about being a crime victim, or about the security of your most personal information, at a time like that.
Yet, in the last few years, more than 100 million health records have been exposed in security breaches, some involving ransomware attacks that have forced the temporary shutdowns of hospitals in the United States and the United Kingdom. (17)
Investigators later determined that a foreign government was behind the 2015 Anthem breach, which began when someone working for a subsidiary opened an email with malicious content, allowing hackers to gain remote access to at least 90 systems within Anthem, including the company’s data warehouse. (19)
According to a recent report, nearly half of pharmaceutical and life science organizations experienced a security breach within a period of one year. (20) And the Federal Trade Commission recorded more than 3,600 physician and patient cases of medical identity theft in one year. (21)
Weitz & Luxenberg is pursuing compensation through a class action lawsuit on behalf of victims of a massive data breach at Excellus BlueCross BlueShield. An estimated 10.5 million Excellus and Lifetime customers’ personal information was exposed in the breach, which was discovered in August 2015 and is believed to have begun in 2013.
In that breach, cyber hackers may have gained access to clients’ names, dates of birth, Social Security numbers, financial account information, and claim information. (22)
Using Personal Information for Crimes
The U.S. Department of Justice warns that criminals who obtain enough identifying information about a person can use it to commit different crimes, including falsely applying for loans and credit cards, fraudulently withdrawing money from banks, and obtaining goods and privileges that the crooks couldn’t get in their own names. (23)
Although businesses often offer credit monitoring to customers whose information was exposed, the Federal Trade Commission says such services provide limited help. “Credit monitoring only warns you about activity that shows up on your credit report,” the FTC says. “But many types of identity theft won’t appear. For example, credit monitoring won’t tell you if an identity thief withdraws money from your bank account, or uses your Social Security number to file a tax return and collect your refund.” (24)
Innocent victims, whether they are individuals or businesses, deserve better when their personal data is exposed to criminals through no fault of their own. They deserve to be compensated for what happened to them.