In recent years, data breaches have become more common. In fact, the total number of data breaches increased 68 percent between 2020 and 2021. Just last week, there were about 14 data breaches, including those involving Fairfield County Implants & Periodontics, Wells Fargo, El Monte RV, Paramit, Great Plains Beef and Lone Creek Cattle Company, Simonson Lumber, Elephant Insurance, WellDyneRx, North Alabama Bone & Joint Clinic, Cornish College of the Arts, Oklahoma City Indian Clinic, NuLife Med, Quantum Imaging & Therapeutic Associates, Inc., and Covenant Care California, LLC.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of a data breach, please see our recent piece on the topic here.
Fairfield County Implants & Periodontics
On March 2, 2022, Fairfield County Implants & Periodontics first learned of an incident involving unauthorized access to an employee's email account. In response, the company investigated the incident, learning that an unauthorized party was able to view and potentially retrieve sensitive information belonging to certain consumers.
While the breached information varies based on the individual, it may include affected parties’ names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, health insurance information, and medical history treatment information.
On April 15, 2022, Fairfield County Implants & Periodontics issued data breach letters to those whose information was compromised in the breach.
Wells Fargo
Little is known about the Wells Fargo breach at this point, as it only recently occurred. However, according to an official filing by Wells Fargo, on January 2, 2022, the company first learned of a data security incident. Upon investigating the incident, Wells Fargo learned that unauthorized access to the company’s computer network occurred a few days earlier, on December 31, 2021. Wells Fargo has yet to reveal what information was compromised as a result of the breach.
On May 5, 2022, Wells Fargo sent out data breach letters to those whose information was compromised in the breach.
El Monte RV
In late January 2021, El Monte RV first detected unauthorized activity on its computer network. In response, the company investigated the incident to determine whether any consumer information was leaked as a result. On April 5, 2022, El Monte RV confirmed that the breach resulted in certain consumer data being compromised. Apparently, the unauthorized party had access to the company’s network between the dates of January 22 and January 24, 2022.
On May 5, 2022, El Monte RV issued data breach letters to those whose information was compromised in the breach.
Paramit
The Paramit breach originated from unauthorized access to the company’s computer system, which occurred on April 8, 2022. After discovering the unauthorized activity, Paramit conducted an investigation into the incident, confirming that sensitive consumer data was compromised as a result.
Subsequently, Paramit underwent a detailed review of all compromised data to determine which parties were affected and what information was leaked. While the breached information varies based on the individual, it may include the names, Social Security numbers and dates of birth of affected individuals.
On May 5, 2022, Paramit sent out data breach letters to those whose information was compromised in the breach.
Great Plains Beef and Lone Creek Cattle Company
Great Plains Beef and Lone Creek Cattle Company breach involves two separate but related companies, both of which involve the production of beef. On October 1, 2021, the companies first learned of a data security incident affecting the companies’ computer systems. Through a subsequent investigation, the companies confirmed that an unauthorized party was able to access sensitive consumer information. On May 4, 2022, Great Plains Beef and Lone Creek Cattle Company completed their review of all affected files and identified those whose information was leaked as a result of the breach. However, neither company provided a list of the compromised data.
On May 4, 2022, Great Plains Beef and Lone Creek Cattle sent out data breach letters to those whose information was compromised in the breach.
Simonson Lumber
On April 9, 2022, Simonson Lumber detected what the company determined was potential unauthorized access to its computer system. This prompted Simonson Lumber to investigate the incident, which confirmed that an unauthorized party was able to access, view, and potentially obtain sensitive consumer information.
While the breached information varies based on the individual, it may include consumers’ names, mailing addresses, telephone numbers, dates of birth, Social Security numbers, driver’s license numbers, and credit card or bank account numbers.
On May 6, 2022, Simonson Lumber sent out data breach letters to those whose information was compromised in the breach.
Elephant Insurance
In April of this year, Elephant Insurance determined that there was unusual activity on its computer system. The company enlisted the assistance of third-party cybersecurity experts to look into the incident. This investigation confirmed that an unauthorized party was able to access sensitive information contained on the company’s servers. On April 25, 2022, the company completed its review of the compromised files.
The Elephant Insurance breach resulted in the names, driver’s license numbers, and dates of birth of affected parties being compromised. On May 6, 2022, Elephant Insurance issued data breach letters to those whose information was compromised in the breach.
WellDyneRx
The breach at WellDyneRx was first discovered on December 2, 2021, when the company learned of suspicious activity related to a company email account. Upon conducting an investigation into the incident, WellDyneRx confirmed that an unauthorized party was able to access and potentially remove sensitive files from the company’s network between the dates of October 30, 2021 and November 11, 2021.
As a result of the WellDyneRx data breach, the following information was compromised: names, dates of birth, Social Security numbers, driver’s license numbers, treatment information, health insurance information, contact information, prescription information, and other medical and healthcare related information.
On May 6, 2022, WellDyneRx sent out data breach letters to those whose information was compromised in the breach.
North Alabama Bone & Joint Clinic
On March 9, 2022, North Alabama Bone & Joint Clinic noticed suspicious activity on its computer system. This prompted the company to investigate the incident. Through this investigation, the company confirmed that, on March 9, 2022, an unauthorized party was able to gain access to multiple employee email accounts.
The information compromised in the breach includes affected parties’ names, contact information, financial information, dates of birth, family information, medical record numbers, prescription information, medical and clinical information, including diagnosis and treatment history, and health insurance information.
On May 6, 2022, North Alabama Bone & Joint Clinic posted notice of the breach on its website. Once North Alabama Bone & Joint Clinic identifies all parties affected by the breach, the company will likely send them data breach notification letters.
Cornish College of the Arts
The data breach at Cornish College of the Arts was first discovered after the school learned that an unauthorized party may have attempted to access its computer network. After looking into the incident, on April 4, 2022, Cornish College of the Arts confirmed that an unauthorized party was able to access and potentially remove sensitive files from the school’s network between the dates of June 6, 2021 and June 10, 2021.
The information compromised in the breach includes the affected parties’ full names, Social Security numbers, financial account information and security code, payment card information, driver’s license numbers, health insurance information, passport numbers, digital signatures, and medical information.
On May 6, 2022, Cornish College of the Arts sent out data breach letters to those whose information was compromised in the breach.
Oklahoma City Indian Clinic
Oklahoma City Indian Clinic (“OKCIC”) recently reported a breach that compromised the sensitive information of as many as 38,239 people. According to a notice posted on the OKCIC website, on March 10, 2022, the clinic first learned of a data security incident affecting some of its computer systems. In response, OKCIC retained cybersecurity experts to look into the breach, which confirmed that an unauthorized party was able to access and potentially retain consumer data. The breach included affected individuals’’ names, dates of birth, treatment information, prescription information, medical records, physician information, health insurance policy numbers, phone numbers, Tribal ID numbers, Social Security numbers, and driver’s license numbers.
On May 9, 2022, OKCIC sent out data breach letters to those whose information was compromised in the breach.
Nu Life Med, LLC
The NuLife Med breach was first detected by the company on March 11, 2022, when employees noticed suspicious activity on the company network. After making this discovery, NuLife Med consulted with external cybersecurity experts to conduct an investigation into the incident. This investigation revealed that between March 9, 2022 and March 11, 2022, an unauthorized party was able to access files containing sensitive consumer data.
The information compromised in the breach includes the affected parties’ names, addresses, Social Security numbers, medical information and health insurance information, and financial account or credit card information.
After identifying all consumers impacted by the breach, on May 9, 2022, NuLife Med sent all affected parties data breach letters explaining the incident and what they can do to protect themselves from identity theft and other frauds.
Quantum Imaging & Therapeutic Associates, Inc.
On May 9, 2022, Quantum Imaging & Therapeutic Associates, Inc. (“QITA”) filed an official notice of a data breach stemming from unauthorized access to the company’s IT network. According to the notice provided by QITA, the data security incident was first discovered on October 7, 2021. At this time, QITA launched an investigation into the incident to determine whether any consumer data was impacted. While QITA claims to have stopped the intrusion, the company could not confirm that consumer data was unaffected. The potentially impacted data includes certain consumers’ names, mailing addresses, dates of birth, Social Security numbers, and protected health information.
After identifying all consumers impacted by the breach, on May 9, 2022, Quantum Imaging & Therapeutic Associates sent all affected parties data breach letters explaining the incident and what they can do to protect themselves from identity theft and other frauds.
Covenant Care California, LLC
The Covenant Care California breach originated at the company’s Wagner Heights Nursing and Rehabilitation Center facility, when an unauthorized party was able to gain access to an employee email account. Evidently, the employee responded to an email phishing attack on or around February 24, 2022. After learning about the cybersecurity incident, Covenant Care California launched an investigation into the incident to determine whether any patient data was leaked as a result. Subsequently, on April 18, 2022, the company confirmed that certain patients’ medical records were available through the employee’s email account.
After learning that sensitive patient data was accessible to an unauthorized party, Covenant Care California engaged in a detailed review of the affected files to determine the extent of the compromised information. On May 6, 2022, Covenant Care California sent data breach letters to all patients whose information was compromised due to the recent data security incident.
