On August 29, 2022, SCA Pharmaceuticals, LLC reported a data breach with the Montana Attorney General’s office after the company experienced a malware attack. According to SCA Pharma, the breach resulted in the names, dates of birth, Social Security numbers, other governmental identifiers, certain health information, and bank account information of certain individuals being compromised. After confirming the breach and identifying all affected parties, SCA Pharmaceuticals began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the SCA Pharmaceuticals data breach, please see our recent piece on the topic here.

What We Know About the SCA Pharmaceuticals Data Breach

The information about the SCA Pharmaceuticals, LLC data breach comes from the company’s official filing with the Montana Attorney General’s office. According to this source, on July 5, 2022, learned that hackers had installed malware on the company’s computer network, impacting the accessibility of the network. In response, SCA Pharma took the necessary steps to secure its network, terminate any unauthorized access and then launched an investigation into the incident to determine whether any sensitive consumer data was leaked.

The company’s investigation confirmed that unauthorized actors had gained access to the company’s IT network and that some of the files that were accessible to the malicious actors contained sensitive consumer information.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, SCA Pharmaceuticals began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your name, date of birth, Social Security number, other governmental identifiers, certain health information, and bank account information.

On August 29, 2022, SCA Pharmaceuticals sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About SCA Pharmaceuticals, LLC

Founded in 2009, SCA Pharmaceuticals, LLC is an FDA 503B outsourcing facility based in Little Rock, Arkansas. The company provides sterile admixtures and pre-filled syringes to hospitals and health systems nationwide. Aside from the company’s headquarters in Little Rock, SCA Pharma also operates a 90,000-square-foot manufacturing facility in Windsor, Connecticut. SCA Pharmaceuticals employs more than 442 people and generates approximately $88 million in annual revenue.

The Mechanics of a Data Breach

Data breaches are receiving more attention than ever before. One reason for this is that hacking incidents are becoming increasingly common. However, despite the fact that data breaches affected more than 189 million people in 2021, many consumers (and businesses) underestimate the harm they can cause.

Hackers and other cybercriminals orchestrate data breaches to obtain sensitive consumer information they can either use themselves to commit fraud against the victims or sell to a third party. When it comes to carrying out a data breach, hackers have a variety of tools at their disposal.

Most often, hackers rely on either malware or ransomware attacks to orchestrate a data breach. Malware, or malicious software, is a program that is intended to disrupt the normal operations of a company’s computer system. Most malware programs are designed to leak information contained on the company’s network and transmit that data back to the hackers who carried out the attack.

Another way hackers obtain access to a company’s system is through a ransomware attack. Ransomware attacks use a specific type of malware that is installed on a victim’s device or network. Once installed, the program encrypts the victim’s files and locks them out of their own device. When the victim attempts to get back into their computer, they receive a message demanding they pay a ransom if they want to regain access to their computer or network.

While these two types of cyberattacks differ slightly in how they are carried out, the end result is the same: hackers obtain sensitive consumer information, usually with the intent to commit fraud. The following are the most commonly targeted data types:

  • Bank account numbers,

  • Credit and debit card numbers,

  • Healthcare information.

  • Insurance information,

  • Names and addresses, and

  • Social Security numbers.

Given the importance of this information—and the relative ease with which hackers can use it to steal a victim’s identity or commit other types of fraud—it is essential that data breach victims understand their rights and what they can do to protect themselves in the event of a data breach.