Data Breach Alert: Rockingham Mutual Group, Inc.

Console and Associates, P.C.
Contact

Recently, Rockingham Mutual Group, Inc., announced a data breach that occurred as a result of a cyberattack on the company’s information technology systems. According to a company news release, on October 2, 2020, Rockingham Mutual Group learned that an unauthorized party attempted to gain access to the company’s network. While Rockingham Mutual Group was unable to confirm that the unauthorized party successfully accessed any consumer information, the compromised servers contained the full names, mailing addresses, birthdates, and Social Security numbers of 52,564 individuals.

Data breaches such as this one can occur in several different ways. However, they are often the result of a hacker or other criminal actor breaching an organization’s IT systems for the purpose of accessing sensitive consumer information in the company’s possession. Often, cybercriminals target those companies that rely on weak or outdated data-security technology.

Once a hacker gains access to consumer data, they will often remove it, possibly to commit identity theft or sell the information to another party.  Regardless of who ends up with a consumer’s data, those whose information is compromised in a data breach are much more likely to experience identity theft or fall victim to other serious crimes. Given the risks involved, it is imperative anyone who received a data breach letter from Rockingham Mutual Group, Inc. takes the steps necessary to protect themselves from the risks data breaches such as this one present.

Those who received a data breach letter from Rockingham Mutual Group, Inc. have reason to be concerned. While the fact that someone’s information is compromised doesn’t necessarily mean the unauthorized party will use it for criminal purposes, it is a fairly common occurrence, especially in recent years. In fact, since the beginning of the COVID-19 pandemic, identity theft crimes have become much more common. In many instances, identity thieves obtain the data they need to commit these crimes through a data breach.

Companies have a duty to protect consumer data. If evidence emerges that Rockingham Mutual Group mishandled your sensitive information leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.

Are Consumers Impacted by the Rockingham Mutual Group Data Breach Entitled to Financial Compensation?

When you provided Rockingham Mutual Group, Inc. with your personal information, you trusted the company to keep your information secure. Certainly, anyone would assume that the company would take whatever precautions were necessary to prevent criminal actors from accessing and removing sensitive consumers data. However, news of the Rockingham Mutual Group, Inc. data breach raises serious questions about the adequacy of the company’s data security measures and, potentially, the company’s ongoing commitment to consumer data privacy.

All businesses in possession of consumer data have an ethical and legal obligation to ensure it remains private. And while creating and maintaining an effective data-security system is a burden for an organization, it is also a necessary cost in an environment where the threat of cyberattacks is ever-present.

United States data breach laws allow affected parties to sue corporations for the misuse or negligent handling of their data. However, these laws are complex, and news of this data breach is very recent. Thus, at this point, there is not yet any evidence suggesting that Rockingham Mutual Group bears responsibility for the breach. However, that may change as our data breach lawyers are looking into the breach to determine what legal remedies affected consumers may have against the Rockingham Mutual Group, Inc.

If you have questions about your ability to bring a class action lawsuit against Rockingham Mutual Group, Inc., it is essential that you contact a data breach attorney as soon as possible.

What to Do if You Received a Data Breach Notification from Rockingham Mutual Group, Inc.

If you received a data breach letter from Rockingham Mutual Group, Inc., you may be among those whose personal data was compromised in the recent data breach. It also means a total stranger may have accessed, viewed, and retained your sensitive personal information. While there is no telling why someone would want your information or what they might do with it, the situation is concerning. Thus, it is essential you remain vigilant to protect yourself by taking the following steps:

  • Carefully read the data breach letter sent by Rockingham Mutual Group, Inc. to determine what information of yours was accessible;
  • Make a copy of the letter for your records;
  • Enroll in the free credit monitoring service provided by Rockingham Mutual Group, Inc.;
  • Change all your passwords and security questions for any online accounts;
  • Enable two-factor or multi-factor authentication, where it is available;
  • Regularly review your credit card and bank account statements for any signs of suspicious activity;
  • Monitor your credit report for any unexpected changes that may be a sign of identity theft;
  • Contact one of the major credit bureaus to request they add a fraud alert to your profile; and
  • Notify your banks and credit card companies of the data breach.

About Rockingham Mutual Group, Inc.

Rockingham Mutual Group, Inc. is an insurance company that serves customers in Virginia and Pennsylvania. Rockingham Mutual Group, Inc. is the parent company of several other insurers, including Rockingham Group, Inc., Rockingham Insurance Company, Rockingham Casualty Company, Rockingham Mutual Service Agency, Inc, and Rockingham Specialty, Inc.

The company provides customers with a wide range of various insurance policies and currently has more than 50,000 policyholders.

The Details of the Rockingham Mutual Group, Inc. Consumer Data Breach

According to the most recent data breach letter issued by Rockingham Mutual Group, Inc., on October 2, 2020, the company detected that it was the target of a cybersecurity attack. Rockingham Mutual Group did not elaborate on the nature and cause of the cyberattack. However, through a subsequent investigation, the company learned the unauthorized party gained access to some of the company’s electronic files containing the full names, mailing addresses, birthdates, and Social Security numbers of 52,564 individuals.

More recently, Rockingham Mutual Group, Inc. distributed written notice to all affected parties, informing them of the breach and what they can do to protect themselves. While Rockingham Mutual Group says there is no indication that the unauthorized party used any of the compromised consumer data or intends to do so, the company encouraged those who received a data breach letter to keep a lookout for signs of identity theft by closely monitoring their online accounts and credit reports.

Below is a copy of the initial data breach letter issued by Rockingham Mutual Group, Inc. (the actual notice sent to consumers can be found here):

Dear [Consumer],

We are writing in order to inform you of an incident that may have exposed your sensitive personal information. We take the security of your personal information seriously and want to provide you with information and resources you can use to protect your information.

What Happened and What Information was Involved:

On October 2, 2020, Rockingham Mutual Group, Inc. (“RMG”) detected that it was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate RMG’s computer network. Although we have found no evidence that your information has been specifically accessed for misuse, it is possible that your full name, mailing address, birthdate, and social security number could have been exposed.

We maintained this information on our system for standard payroll and organizational purposes.

As of this writing, RMG has not received any reports of related identity theft since the date of the incident (October 2, 2020 – present).

What We Are Doing:

Upon detecting this incident, we moved quickly to initiate our incident response, which included conducting an investigation with the assistance of third-party forensic specialists and confirming the security of our network environment. We have been working with law enforcement to respond to this incident. We have reviewed and altered our policies and procedures relating to the security of our systems and servers, as well as our information life cycle management.

We value the safety of your personal information and are therefore offering two years of credit monitoring and identity theft protection services through IDX, which include:

    • Single Bureau Credit Monitoring – Monitoring of credit bureau for changes to the member’s credit file such as new credit inquires, new accounts opened, delinquent payments, improvements in the member’s credit report, bankruptcies, court judgments and tax liens, new addresses, new employers, and other activities that affect the member’s credit record.

    • CyberScan – Dark Web monitoring of underground websites, chat rooms, and malware, 24/7, to identify trading or selling of personal information like SSNs, bank accounts, email addresses, medical ID numbers, driver’s license numbers, passport numbers, credit and debit cards, phone numbers, and other unique identifiers.

    • Identity Theft Insurance – Identity theft insurance will reimburse members for expenses associated with restoring their identity should they become a victim of identity theft. If a member’s identity is compromised, the policy provides coverage for up to $1,000,000, with no deductible, from an A.M. Best “A-rated” carrier. Coverage is subject to the terms, limits, and/or exclusions of the policy.

    • Fully-Managed Identity Recovery – IDX’s fully-managed recovery service provides restoration for identity theft issues such as (but not limited to): account creation, criminal identity theft, medical identity theft, account takeover, rental application, tax fraud, benefits fraud, and utility creation. This service includes a complete triage process for affected individuals who report suspicious activity, a personally assigned ID Care Specialist to fully manage restoration of each case, and expert guidance for those with questions about identity theft and protective measures.

With this protection, IDX will help you resolve issues if your identity is compromised.

What You Can Do:

We encourage you to contact IDX with any questions and to enroll in free IDX services by calling 1-800-939-4170 or by going to https://app.idx.us/account-creation/protect and using the Enrollment Code provided above. IDX is available Monday through Friday 9 am to 9 pm Eastern Time. Please note the deadline to enroll is April 27, 2021.

Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering. IDX representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.

For More Information:

Enclosed hereto you will find additional information regarding the resources available to you, and the steps that you can take to further protect your personal information.

RMG values the security of your personal data, and we apologize for any inconvenience that this incident has caused.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.