Weitz & Luxenberg today announced it has begun investigations of two major computer-hacking episodes threatening to produce a nationwide wave of identity thefts that could amount to dollar losses in the billions for consumers and banks.
The firm indicated it is interested in hearing from victims of the data breaches so that it can explore with them their legal rights to compensation for the harm done.
In the first hacking incident, medical records associated with life insurance policies were stolen, Weitz & Luxenberg said.
The thefts of policies from Waco, Texas-based American Income Life Insurance came to light in mid-September 2014, the firm reported.
American Income Life Insurance is a subsidiary of Torchmark Corp. Its policies are typically sold to working-class families, labor unions, credit unions and associations, the firm said.
“The stolen medical records are now turning up on black-market websites, where they are being offered for sale to criminals,” said Robin L. Greenwald, who heads Weitz & Luxenberg’s Environmental, Toxic Tort & Consumer Protection Unit.
“Insurance companies know that medical records are vulnerable to criminals who will use that data to obtain credit cards in the victims’ names,” she added. “That is why insurance companies such as American Income Life must make best efforts to protect their customers’ information.”
She continued, “When data is breached, the victims of the fraud — the insurance company’s customers — will be the ones stuck with the bill for those transactions.”
Greenwald said that anyone who has a policy with American Income Life Insurance is likely vulnerable because of the data breach.
Hardest hit — for now, at least — appear to be policyholders and beneficiaries in the U.S. Pacific Northwest, said Greenwald.
In that part of the country, American Income Life Insurance policies are sold through the Altig & Orlovic Agency, she said.
“It may be some time yet before all of the victims of the data breach become aware of it or that they have been victimized,” said Greenwald.
“Meanwhile, there exists the potential for a class action lawsuit on behalf of the victims and against American Income Life Insurance for the company’s failure to safeguard private information,” she said.
In the second hacking incident, credit and debit card records of some 56 million customers of Home Depot were stolen in what could be the largest data breach in retailing history, according to The New York Times.
The Times and other press outlets reported that hackers siphoned the card data over a period of four months — and may even have continued the thefts for up to a week after they were discovered.
The data breach affects all who paid for purchases with a card at any Home Depot store in the U.S. or Canada from April to early September.
The stolen data could be potentially used to make a combined $3 billion in illegal purchases, The Times estimated.
“Independent cybersecurity analysts expect that 70 percent of the stolen cards will be used to conduct at least one fraudulent transaction,” said Greenwald.
The Times revealed that Home Depot had been warned for years that its computers were vulnerable to hacking.
Greenwald predicted community banks will bear the brunt of the data breach’s consequences. “They may be forced to cover losses that form a significant portion of their cash base,” she said.
Greenwald noted that federal law requires financial institutions to reimburse customers for fraudulent transactions. “The banks are really on the hook here and stand to suffer the most harm,” she said.
The most egregious aspect of both the Home Depot data breach and the American Income Life Insurance data breach is the failure to take proper security precautions despite known risks, Greenwald contended.
“It appears there is a systemic problem among companies entrusted with our private data and financial records that prevents them from implementing viable safeguards,” she said.