Recently, FCS Financial, a large agricultural lender based out of Missouri, announced that it experienced a data breach in April of this year, exposing the personal information of thousands of employees and consumers. Data breaches such as the one reported by FCS Financial pose a serious risk of identity theft and other financial losses to all affected consumers.
If you received a data breach letter from FCS Financial, you may have questions about whether you were affected by the breach and what the consequences of the breach could be. Consumer privacy and data breach lawyers are currently investigating the FCS Financial data breach, and can help those impacted understand what is at stake and whether they have any legal remedies against the company.
The FCS Financial Data Breach
On June 16, 2021, FCS Financial discovered that on April 18, 2021, an unauthorized third party accessed documents containing the personal information of more than 85,000 people. According to the data breach notice issued by FCS Financial, the affected parties include consumers and employees. Notice was sent to all potentially affected parties on September 17, 2021.
FCS Financial explained that the information that was accessed included:
First and last names;
Social Security Numbers;
Driver’s license numbers;
Tax-identification numbers and IRS-identifiers;
Health insurance information; and
The scope of information exposed during the breach was significant. Unfortunately, FCS Financial has no way of knowing which information was actually accessed by the unauthorized third party. However, given the nature of the compromised data, the risk of identity theft is certainly very real for anyone receiving the FCS Financial data breach letter.
The company reports that it discovered no evidence that the unauthorized party has misused any of the consumer information that was exposed through the breach; however, out of an abundance of caution, FCS Financial is offering a complimentary two-year membership to a credit monitoring service to all individuals whose information was potentially exposed.
Below is a copy of the text from the notice issued by FCS Financial:
Based on your current or previous relationship with FCS Financial (“FCS”), we are writing to advise you of a recent incident that may have involved some of your personal information. We have no reason to believe that your personal information has been misused for the purpose of committing fraud or identity theft. Nonetheless, because your information could have been affected, we are providing you this notice with guidance on what you can do to protect yourself, should you feel it is appropriate to do so.
FCS recently experienced a data security incident that involved some of our computer systems. A subsequent forensic investigation determined that an unknown third-party acquired certain data from our systems, including documents that may have contained some of your personal information. Although we are not aware of any instances of fraud or identity theft resulting from the incident, we conducted an internal review to determine the contents of the documents accessible to the unknown third party.
What Information Was Involved?
On June 16, 2021, our investigation determined that documents the third party acquired contained personal information about a number of individuals who either worked with or for our association. Subsequently, other information received during the investigation indicated additional individuals’ personal data may have been included. Out of an abundance of caution, we are providing a broad, detailed list of the information that may have been involved. The type of information differs from individual to individual, and we cannot say with certainty whether this information was accessed for any particular person. However, the involved information may include your name, address and other contact information such as email or phone number; Social Security number; driver’s license number; or financial information such as account information, tax identification number, or unique IRS-related identifier. For a limited number of individuals, the incident may have also involved their date of birth, health insurance information, or medical information.
What We Are Doing?
Upon learning of the incident, we promptly restored the affected systems and conducted an initial investigation into how the incident occurred and contacted the proper authorities. We also engaged a leading forensic security firm to investigate the incident and confirm the security of our systems. In addition, we have taken steps to reduce the risk of this type of incident from occurring in the future, including implementing additional technical controls. We have chosen to do a broad notification of the security incident to alert individuals that potentially could have been involved. Although we have no evidence of your information being used for the purposes of fraud or identity theft, we are offering you a complimentary two-year membership to Experian IdentityWorksSM Credit 3B. This product helps detect possible misuse of your personal information and provides you with identity protection services focused on immediate identification and resolution of identity theft. IdentityWorks Credit 3B is completely free to you and enrolling in this program will not hurt your credit score. For more information on identity theft prevention and IdentityWorks Credit 3B, including instructions on how to activate your complimentary two-year membership, please see the supplementary information provided in this letter.
What You Can Do?
You can find more information on steps to protect yourself against identity theft or fraud in the enclosed Additional Important Information sheet. We also encourage you to activate the credit monitoring services we are providing to you.
Other Important Information:
FCS is committed to the privacy and confidentiality of our customers and community members. We take our responsibility to safeguard your personal information seriously and apologize for any inconvenience or concern this incident might cause. For further information and assistance, please call from 8:00 AM - 5:30 PM Central Time, Monday through Friday, excluding some U.S. holidays.
How Can I Protect Myself in the Wake of the FCS Financial Data Breach?
If you received a data breach notification from FCS Financial, it does not mean that your information was necessarily accessed by a third party or that you will fall victim to identity theft. However, it is a possibility. And while state and federal laws provide some protections to the victims of data breaches, there is no guarantee that you will not be held responsible for any unauthorized activity. Thus, it is important that you take the following steps to protect yourself.
Read the notice in its entirety to determine what information was exposed;
Enroll in the free creditor-monitoring service offered by FCS Financial;
Change your passwords to all online accounts, using unique passwords for each site;
Notify banks and credit card companies of the breach;
Frequently check your bank accounts for signs of unauthorized activity;
Frequently check your credit report for signs of identity theft; and
Set up a fraud alert with one or more of the three credit bureaus.
Can You Sue a Company After a Data Breach?
The laws surrounding data breach liability are complex; however, in recent years, several large companies have been sued for mishandling consumer information exposed through a data breach. If your information was accessed by a hacker or other unauthorized party, it is imperative you understand your rights and legal remedies, even if you have not yet discovered any unauthorized activity. An experienced consumer privacy lawyer can familiarize you with your rights so you can protect yourself and make an informed decision on how to proceed.