Data Breaches Make Consumers Vulnerable

Virtually all your financial and medical interactions amount to exercises in trust of people you don’t know. You are depending on others to protect your information from criminals who know how to use it to steal and can devastate your financial health.
Speak to an Attorney Now

Every time you pay for a purchase with a credit card or a check, you trust the merchant with your financial secrets.

Whenever you visit a doctor, are treated in a hospital, or sign up for health insurance, you expose your precious personal information to strangers.

For a free consultation and more information about your legal options, please contact us today.

Get a Free Case Review

In your interactions with government offices, service providers, and even your own employer, you are vulnerable; you are sharing valuable data that, if not properly guarded, thieves can exploit.

Virtually all your financial and medical interactions amount to exercises in trust of people you don’t know. You are depending on others to protect your information from criminals who know how to use it to steal and can devastate your financial health.

Weitz & Luxenberg believes your trust should not be violated. Your information deserves the same care as any other valuable asset. Jewelry stores wouldn’t remain in business very long if they left their doors unlocked at night.

But in far too many cases, innocent people are being let down by those they trust. And things only seem to be getting worse, even as news coverage has brought the importance of data protection to light.

Data Breaches Hit Record

In 2016 alone, the nonprofit Identity Theft Resource Center (ITRC) documented 1,093 data breaches that exposed more than 36 million records, an all-time record that topped the previous record by 40%. (1)

The ITRC Data Breach Report detailed cases involving data kept by government offices, medical and insurance companies, websites, banking and financial institutions, educational facilities, and other businesses. (2)

The breaches included incidents of hacking, stolen and misplaced laptop computers, and medical patient documents being carelessly handled. (3) In one documented instance, a psychiatric hospital patient gained access to other patients’ information through a hospital library computer and then posted the information on social media. (4)

The incidents documented by the ITRC ranged from small numbers of records being mishandled to millions of people’s sensitive data being compromised when a personal laptop and hard drives were taken by burglars who broke into a federal Office of Child Support Enforcement building in Washington state. (5)

We would feel privileged to assist you. For a free consultation and more information about your legal options, please contact us today.
(800) 476-6070

Large-Scale Data Breaches

In addition, mind-boggling, large-scale data breaches have been documented in the media and in Congress.

At least five of those breaches each compromised 100 million records or more:

  • More than 1 billion Yahoo user accounts were compromised in a data theft in August 2013, in addition to more than 500 million accounts that were breached in 2014. (6)
  • Time Inc. announced in May 2016 that a Russian cyberhacker obtained 360 million Myspace users’ account login data, which was made available on an online hacker forum. (7) (8)
  • More than 100 million LinkedIn users’ account information was offered for sale online following a 2012 breach. Four years later, USA Today reported up to 100 million LinkedIn participants were advised to change their passwords. (9) (10)
  • Hackers were able to access personal data of 145 million eBay customers by breaking into a database with information that included names, birth dates, email addresses, passwords, addresses, and phone numbers, information experts said could be used for identity theft. (11)
  • The chief financial officer for Target apologized to Congress and the American public for what he said was a criminal attack and data breach that compromised the personal information of 110 million customers. (12)

Low Profile Breaches Common

As frightening as those high-profile breaches are, most unauthorized data releases happen in smaller doses that escape the bright national spotlight.  For example, car dealerships customers’ and employees’ data were exposed online. And a union pension plan was the victim of a ransomware attack.  Military veterans’ data was compromised at a U.S. Department of Veterans Affairs health system in Colorado. (13) And the Trump Hotel Chain agreed to pay a $50,000 penalty and change its data security after credit card numbers and other information for 70,000 customers were exposed in data breaches. (14)

The financial and emotional harm being caused to innocent citizens by lax data security practices is enormous. As the acting chairman of the Federal Trade Commission told a Congressional committee, “Failing to take reasonable precautions to secure data from identity thieves and other malicious actors hurts consumers and legitimate businesses alike.” (15)

According to the U.S. Department of Justice’s Bureau of Justice Statistics, 17.6 million people in the United States were victims of identity theft in 2014.

That year, the most common type of ID theft was the unauthorized misuse of an existing account, such as fraudulent use of a credit card or use of existing telephone, bank, online, or insurance accounts. (16)

While most identity theft victims were able to resolve their issues within a day or less, about 9% — 1.5 million people — spent more than a month trying to fix the problems, according to the bureau. “Victims who spent more time resolving the associated problems were more likely to experience problems with work and personal relationships and severe emotional distress,” the bureau said in a news release. “Among identity theft victims who spent six months or more resolving financial and credit problems due to the theft, 29 percent experienced severe emotional distress.” (16)

Health Care Information at Risk

When visiting the doctor, or being treated in a hospital, you are often at your most vulnerable. You shouldn’t have to worry about being a crime victim, or about the security of your most personal information, at a time like that.

Yet, in the last few years, more than 100 million health records have been exposed in security breaches, some involving ransomware attacks that have forced the temporary shutdowns of hospitals in the United States and the United Kingdom. (17) 

Since October of 2009, the Department of Health and Human Services has recorded more than 1,900 health care data breaches, each affecting 500 or more individuals, with the largest affecting 78.8 million people covered by the Anthem Health Plan. (18)

Investigators later determined that a foreign government was behind the 2015 Anthem breach, which began when someone working for a subsidiary opened an email with malicious content, allowing hackers to gain remote access to at least 90 systems within Anthem, including the company’s data warehouse. (19)

According to a recent report, nearly half of pharmaceutical and life science organizations experienced a security breach within a period of one year. (20) And in 2014, the Federal Trade Commission recorded more than 3,300 physician and patient cases of medical identity theft. (21)

Weitz & Luxenberg is pursuing compensation through a class action lawsuit on behalf of victims of a massive data breach at Excellus BlueCross BlueShield. An estimated 10.5 million Excellus and Lifetime customers’ personal information was exposed in the breach, which was discovered in August 2015 and is believed to have begun in 2013. 

In that breach, cyber hackers may have gained access to clients’ names, dates of birth, Social Security numbers, financial account information, and claim information. (22)

Using Personal Information for Crimes

The U.S. Department of Justice warns that criminals who obtain enough identifying information about a person can use it to commit different crimes, including falsely applying for loans and credit cards, fraudulently withdrawing money from banks, and obtaining goods and privileges that the crooks couldn’t get in their own names. (23)

“…credit monitoring won’t tell you if an identity thief withdraws money from your bank account, or uses your Social Security number to file a tax return and collect your refund.” (24)

Although businesses often offer credit monitoring to customers whose information was exposed, the Federal Trade Commission says such services provide limited help. “Credit monitoring only warns you about activity that shows up on your credit report,” the FTC says. “But many types of identity theft won’t appear. For example, credit monitoring won’t tell you if an identity thief withdraws money from your bank account, or uses your Social Security number to file a tax return and collect your refund.” (24)

Innocent victims, whether they are individuals or businesses, deserve better when their personal data is exposed to criminals through no fault of their own. They deserve to be compensated for what happened to them.

  1. Identity Theft Resource Center. (2017, January 19). Data Breaches Increase 40 Percent in 2016, Finds New Report from Identity Theft Resource Center and CyberScout. Retrieved from http://www.idtheftcenter.org/2016databreaches.html
  2. Identity Theft Resource Center. (2017, January 18). Data Breach Reports, 2016 End of Year Report (Pg. 4). Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf
  3. Identity Theft Resource Center. (2017, January 18). Data Breach Reports, 2016 End of Year Report. (Pgs. 47, 88, 78). Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf
  4. Identity Theft Resource Center. (2017, January 18). Data Breach Reports, 2016 End of Year Report. (Pg. 58). Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf
  5. Identity Theft Resource Center. (2017, January 18). Data Breach Reports, 2016 End of Year Report. (Pg. 222). Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf
  6. Weise, E. (2016, December 14). It’s new and it’s bad: Yahoo Discloses 1B account breach. Retrieved from http://www.usatoday.com/story/tech/news/2016/12/14/yahoo-discloses-likely-new-1-billion-account-breach/95443510/
  7. Myspace. (2016, May 31). Myspace. Retrieved from https://myspace.com/pages/blog
  8. Weise, E. (2016, May 31). 360 million Myspace accounts breached. Retrieved from http://www.usatoday.com/story/tech/2016/05/31/360-million-myspace-accounts-breached/85183200/
  9. LinkedIn. (2016, May 20). Protecting Our Members. Retrieved from https://blog.linkedin.com/2016/05/18/protecting-our-members
  10. Weise, E. (2016, May 20). Millions of LinkedIn users told to change password. Retrieved from http://www.usatoday.com/story/tech/2016/05/20/linkedin-hack-2012-passwords-motherboard/84662318/
  11. Perlroth, N. (2014, May 21). EBay Urges New Passwords After Breach. Retrieved from https://www.nytimes.com/2014/05/22/technology/ebay-reports-attack-on-its-computer-network.html
  12. U.S. Senate Committee on the Judiciary Hearing on Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime. (2014, February 4). Written Testimony of John Mulligan, Executive Vice President and Chief Financial Officer, Target. Retrieved from https://www.judiciary.senate.gov/imo/media/doc/02-04-14MulliganTestimony.pdf
  13. Identity Theft Resource Center. (2017, January 18). Data Breach Reports 2016 End of Year Report. (Pg. 94). Retrieved from http://www.idtheftcenter.org/images/breach/2016/DataBreachReport_2016.pdf
  14. The New York Times. (2016, September 24). Donald Trump’s Hotel Chain to Pay Penalty Over Data Breaches. Retrieved from https://www.nytimes.com/2016/09/25/us/politics/trump-hotel-data.html
  15. Federal Trade Commission. (2017, March 8). FTC Testifies before House Committee About Data Security and Small Businesses. Retrieved from https://www.ftc.gov/news-events/press-releases/2017/03/ftc-testifies-house-committee-about-data-security-small
  16. Office of Justice Programs, Bureau of Justice Statistics. (2015, September 27). 17.6 million U.S. Residents Experienced Identity Theft in 2014. Retrieved from https://www.bjs.gov/content/pub/press/vit14pr.cfm
  17. U.S. House of Representatives, Committee on Energy and Commerce, Subcommittee on Oversight and Investigations. (2017, April 4). Written Testimony of Terence M. Rice On Behalf of Merck & Co., Inc. Retrieved from http://docs.house.gov/meetings/IF/IF02/20170404/105831/HHRG-115-IF02-Wstate-RiceT-20170404.pdf
  18. U.S. Department of Health and Human Services, Office for Civil Rights. (n.d.). Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information. Retrieved from https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  19. California Department of Insurance. (2017, January 6). Investigation of major Anthem cyber breach reveals foreign nation behind breach. Retrieved from http://www.insurance.ca.gov/0400-news/0100-press-releases/2017/release001-17.cfm
  20. U.S. Department of Homeland Security. (2016, May). Healthcare and Public Health Sector-Specific Plan. (p. 16). Retrieved from https://www.phe.gov/Preparedness/planning/cip/Documents/2016-hph-ssp.pdf
  21. Centers for Medicare and Medicaid Services. (2015, June). Partners in Integrity. Understanding and Preventing Provider Medical Identity Theft. Retrieved from https://www.cms.gov/Medicare-Medicaid-Coordination/Fraud-Prevention/Medicaid-Integrity-Education/Provider-Education-Toolkits/Downloads/understand-prevent-provider-idtheft.pdf
  22. USA Today. (2015, September 10). Cyber breach hits 10 million Excellus healthcare customers. Retrieved from https://www.usatoday.com/story/tech/2015/09/10/cyber-breach-hackers-excellus-blue-cross-blue-shield/72018150/
  23. U.S. Department of Justice. (2017, February 7). What Are Identity Theft and Identity Fraud? Retrieved from https://www.justice.gov/criminal-fraud/identity-theft/identity-theft-and-identity-fraud
  24. Federal Trade Commission. (2016, March). Identity Theft Protection Services. Retrieved from https://www.consumer.ftc.gov/articles/0235-identity-theft-protection-services

Get the Help You Need Today

Free Case Review