Data Privacy

A data breach occurs when an unauthorized third party accesses, retrieves, or otherwise views confidential private information. Oftentimes, a data breach results from a company’s failure to properly safeguard consumer information. The breach could stem from inadequate digital security or simple employee negligence. In either case, the consequences can devastate a consumer’s privacy, financial security, and general reputation. Migliaccio & Rathod LLP is committed to providing meaningful relief for those impacted by a data breach.

Please contact us for a free consultation if you believe your private information has been compromised by a data breach.

Open Investigations

Munson Healthcare Data Breach

Migliaccio & Rathod LLP is currently investigating Munson Healthcare for failure to adequately safeguard consumer information, resulting in a data breach. Various Munson employees fell victim to a phishing scam, which resulted in exposure of patient information to potentially malicious actors. The information shared includes names, dates of birth, insurance information, and treatment and diagnostic information. In some cases, patients’ financial account, driver’s license, and Social Security numbers were also compromised by the breach, which occurred between July 31 and October 22, 2019.

Fifth Third Bank Data Breach Investigation

Migliaccio & Rathod LLP is currently investigating Fifth Third Bank for the failure to safeguard customer data, resulting in recent data theft. Investigations confirm that internal employees perpetrated the theft of personal information, including Social Security numbers, driver’s license information, and account numbers. The employees, who have since been fired and are now under criminal investigation, participated in a fraud ring that had actively shared customer info with outside actors since 2018. At least one hundred customers have experienced known fraud. The Consumer Federation of America, an association of non-profit consumer organizations based in Washington D.C., decried Fifth Third’s letter to customers outlining the situation as “vague and deceptive.”

MGM Resorts Data Breach Investigation

Migliaccio & Rathod LLP is currently investigating a data breach that affected approximately 10.7 million hotel guests. MGM realized a breach had occurred when it discovered unauthorized access to a cloud server. Affected guest information includes full names, phone numbers, addresses, emails, and dates of birth. Though the breach occurred last Summer 2018, accessed information was published earlier this week (Feb. 17-21, 2020) on a hacking forum, thus making publicly available the contact information for millions of people. This, in turn, increases the threat of future hacking and phishing attempts for those affected. MGM’s hotels include the Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, New York New York, Luxor and Excalibur in Las Vegas.

Iowa’s Monroe County Hospital & Clinics Data Breach

Migliaccio & Rathod LLP is currently investigating a data breach that occurred in the Iowa Monroe County Hospital & Clinics. Approximately 7,500 were notified of a breach that may have led to the unauthorized access of their individual health information. The breach was the result of a compromised email system  that was discovered on December 19, 2019. Employee accounts became accessible between October 28, 2019 and January 20, 2020 to outside individuals. Through this breach, patients’ full names, dates of birth, addresses, insurance information, clinical information and potentially Social Security Numbers, driver’s license numbers, or financial accounts were made vulnerable to unauthorized access.

Rutter’s Convenience Store Data Breach Investigation

Migliaccio & Rathod LLP is currently investigating the Rutter’s chain of convenience stores for failing to safeguard customer data. Malware was used to break into the payment system used in the stores and on gas pumps. Customers’ cardholder names, card numbers, expiration dates, and verification codes, for those credit cards used without the security chip, were stolen. Credit cards with the security chip only had card numbers and expiration dates taken. Dozens of locations across central Pennsylvania’s Susquehanna Valley were affected. The information was taken between August 2018 and May 2019. Rutter’s created a website to help customers determine whether they might have been affected, and is available here.

Cathay Pacific Data Breach Class Action Investigation

Migliaccio & Rathod LLP is currently investigating Cathay Pacific’s alleged failure to protect sensitive customer data in the worst ever airline data hack. Affected are roughly 9.4 million Cathay Pacific customers whose passport information, including identity card numbers, names, dates of birth, postal addresses, and historical travel information may all have been compromised. Passwords, the airline said, were not compromised. Despite the breach occurring in March of 2018, the airline did not make information public until later that year, in October 2018.

British Airways Data Breach Class Action Investigation

Migliaccio & Rathod LLP is currently investigating British Airways alleged failure to protect sensitive customer data in the wake of a massive data breach. Affected are roughly 500,000 British Airways customers who purchased a ticket between August 21st and September 5th 2018. The data breach includes names, addresses, emails, and sensitive payment information, including a card’s expiration date and Card Verification Value, or CVV. Due to similarities in the code between British Airways’ website and their mobile app, users who purchased tickets through the app were also compromised.

Medical Marijuana Data Breach Investigation

Migliaccio & Rathod LLP is currently investigating a data breach affecting medicinal marijuana dispensaries and their customers across the country. Privacy researchers at VPNMentor discovered, in December 2019, a data breach in THSuite, an Enterprise Resource Planning (ERP) software for cannabis dispensaries. VPNMentor reports over 30,000 records with sensitive personal information were exposed in the breach, which has since been closed. Although VPNMentor identifies only three dispensaries affected by the breach (Amedicanna Dispensary, Bloom Medicinals, and Colorado Grow Company), they note that most files fell outside the scope of their research and many more dispensaries were affected than those specifically named.

Health Quest Data Breach Investigation

Migliaccio & Rathod is currently investigating a data breach involving Health Quest and its parent company, Nuvance Health. First reported last year on May 31, 2019, the company’s initial disclosure stated that a phishing incident allowed unauthorized access to employee emails, and patients’ sensitive information, to include names, provider names, dates of treatment and diagnosis information, and health insurance claims information. On January 10, 2020, however, Health Quest’s patients in New York, Vermont, and Massachusetts received a letter stating that additional information may have been compromised, to include dates of birth, Social Security numbers, Medicare Health Insurance claim numbers, driver’s license numbers, provider names, dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with PIN/security code and payment card information.