On August 25, 2022, CorrectHealth reported a data breach with the various state attorney generals’ offices after the company learned that an unauthorized party had gained access to several employee email accounts. According to Correct Health, the breach resulted in the names, addresses, Social Security numbers, Driver’s License numbers, passport numbers, financial account information, and limited medical information of certain individuals being compromised. After confirming the breach and identifying all affected parties, Correct Health began sending out data breach letters to all 54,066 individuals whose information was leaked as a result of the breach.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Correct Health data breach, please see our recent piece on the topic here.

What We Know About the Correct Health Data Breach

The information about the CorrectHealth data breach comes from the official notices filed with several state attorney generals’ offices, as well as a notice posted on the company’s website. According to these sources, on November 1, 2021, CorrectHealth learned that an unauthorized party had gained access to one or more employee email accounts. In response, Correct Health secured its systems and began working with a cybersecurity firm to investigate the incident.

On January 28, 2022, the company concluded its investigation, confirming the unauthorized access as well as the fact that the files that were accessible to the unauthorized party contained consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Correct Health began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, address, Social Security number, Driver’s License number, passport number, financial account information, and medical information.

On August 25, 2022, Correct Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. Based on the company’s estimates, there were 54,066 individuals who were impacted by the CorrectHealth data breach.

More Information About CorrectHealth

Founded in 2000, CorrectHealth is a healthcare service provider based in Atlanta, Georgia. The company’s focus is on providing care to incarcerated individuals, including those in jails, prisons, and youth detention centers. CorrectHealth maintains operations throughout Georgia and throughout the southeastern United States, treating more than 14,000 patients annually. In addition to contracted providers, Correct Health employs more than 48 people and generates approximately $25 million in annual revenue.

What Can Hackers Do with a Stolen Social Security Number?

Hackers and cybercriminals are constantly developing new ways to obtain consumers’ personal, financial and protected health information. One of the most commonly targeted pieces of information is Social Security numbers. But how can they profit off of a stolen SSN? Most people assume that identity theft or unauthorized transactions are the extent of the damage a hacker can cause. And while these harms can be extremely inconvenient and require hundreds of hours of work to resolve, hackers have other ways of perpetrating fraud that may be even worse.

Below are a few different ways hackers can profit off of your stolen Social Security number.

Open Up a New Credit Card or Take Out a Loan

The most common harm associated with a data breach involves hackers using your information to open up a new line of credit. In most cases, this involves a hacker applying for a new credit card or personal loan because these are the easiest to obtain. To do this, a hacker would need your date of birth and address in addition to your Social Security number. Of course, once a criminal has your name and Social Security number, obtaining the other information won’t pose much of a hurdle.

Tax Refund Fraud

A hacker who steals your Social Security number may be able to intercept your tax refund by filing a federal tax return on your behalf. Unfortunately, victims of tax refund fraud may not know they’ve been targeted until the IRS rejects their tax return because, in the IRS’s system, it’s already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.

Open Fraudulent Utility Accounts

One of the lesser known harms of a data breach involves a hacker opening up a new utility or cell phone account in your name. According to the Federal Trade Commission, 13 percent of fraud incidents in 2016 involved the creation of new phone and utility accounts. To open up a utility account, all a hacker needs is your name, address and your Social Security number. Often, these accounts can be set up entirely online, making it even easier for hackers to orchestrate this type of fraud.