Krystal BioTech Files Formal Notice of Data Breach That Leaked an Unknown Number of SSNs

Console and Associates, P.C.
Contact

On January 30, 2024, Krystal BioTech, Inc. (“Krystal”) filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized party was able to access confidential information that had been entrusted to Krystal. In this notice, Krystal explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, financial account information and driver’s license numbers. Upon completing its investigation, Krystal began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you received a data breach notification from Krystal BioTech, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Krystal BioTech data breach. For more information, please see our recent piece on the topic here.

What Caused the Krystal BioTech Data Breach?

The Krystal BioTech data breach was only recently announced, and more information is expected in the near future. However, Krystal’s filing with the Attorney General of Massachusetts provides some important information on what led up to the breach. According to this source, on November 16, 2023, Krystal learned of a cyberattack through a third party that resulted in an unauthorized party being able to access information that had been provided to Krystal.

In response, Krystal secured its systems and then began working with outside cybersecurity professionals to investigate the incident. This investigation confirmed that an unauthorized party was able to access confidential information belonging to certain individuals.

After learning that sensitive consumer data was accessible to an unauthorized party, Krystal BioTech reviewed the compromised files to determine what information was leaked and which consumers were impacted. Krystal completed this process on November 21, 2023. While the breached information varies depending on the individual, it may include your name, Social Security number, financial account information and driver’s license number.

On January 30, 2024, Krystal BioTech sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About Krystal BioTech, Inc.

Krystal BioTech, Inc. is a commercial-stage biotechnology company located in Pittsburgh, Pennsylvania. Krystal specializes in the discovery, development and commercialization of genetic medicines for unmet medical needs. Krystal’s primary drug is VYJUVEK, which is a topical gel used to treat wounds in patients with dystrophic epidermolysis bullosa. Krystal BioTech employs more than 210 people and generates approximately $71 million in annual revenue.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising

Written by:

Console and Associates, P.C.
Contact
more
less

Console and Associates, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide