A data breach occurs when an unauthorized third-party accesses, retrieves, or otherwise views confidential private information. Oftentimes, a data breach results from a company’s failure to properly safeguard consumer information. The breach could stem from inadequate digital security or simple employee negligence. In either case, the consequences can devastate a consumer’s privacy, financial security, and general reputation. Migliaccio & Rathod LLP’s data privacy lawyers in DC practice nationwide and are committed to providing meaningful relief for those impacted by a data breach.
Please contact our public interest lawyers for a free consultation if you believe your private information has been compromised by a data breach.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Activision for failure to adequately safeguard user data, resulting in a data breach of Call of Duty Players. On September 20, 2020, Activision’s Call of Duty platform was hacked into and over 500,000 accounts were accessed as a result. The hack seems to be a result of a credential stuffing attack through which hackers use stolen credentials from one platform to access as many accounts as they can find with the same credentials. Impacted gamers learned that in this case hackers gained full account information and access and, in some cases, publicly released the information. Many were locked out of their accounts and those unaffected were warned by fellow gamers to change their passwords, add their own 2 factor authentication, and unlink all associated accounts as quickly as possible. If consumers used Activision login information on other sites, they were warned to additionally change and monitor those accounts as well to avoid further credential stuffing attacks.
Activision released a statement ensuring consumers that there had not been any data breach and that Call of Duty gamers information was still secure. Unfortunately, gamers experienced a very different reality in losing access to their accounts and viewing the publicly leaked accounts. Consumers allege that Activision itself does not have multi-factor authentication nor does it allow certain special characters or passwords longer than 20 characters, limiting consumers’ ability to secure their accounts.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Epic Games, Inc. for failure to adequately safeguard the private information of over 200 million players of its popular Fortnite video game, resulting in a data breach. As part of the sign-up process to play Fortnite, players must create and maintain user accounts that contain personally identifiable information (PII) such as their names, email addresses, and, in some cases, credit or debit card information. The security vulnerability that facilitated the breach, first noticed by a cyber-security firm in 2018, allowed malicious actors to target Fortnite players with a phishing scam and quickly take over their user account even without the entry of their log-in information. Epic Games acknowledged the data breach in early 2019, but has neither offered relief to those impacted nor, for that matter, made public the number of users whose PII was potentially exposed. Many players report unauthorized credit or debit card activity related to the breach to public interest lawyers. Others remain at risk, with stolen Fortnite account information currently being sold on the dark web.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Ledger SAS, a hardware cryptocurrency wallet maker, for failure to adequately safeguard consumer information, resulting in a data breach. Initially reported in July, the data breach involved the exposure of the more than one million email addresses subscribed to Ledger’s newsletter, as well as more detailed contact information for the 272,853 customers who purchased a Ledger device.
On December 21st, a threat actor shared both sets of stolen information on a well-known hacker forum for free. Other cybersecurity analysts believe the information was already being sold privately, starting in August 2020. Since October 2020, many Ledger users have been targeted by elaborate phishing scams seeking to gain access to their 24-word recovery phrases, which would allow hackers to then steal their cryptocurrency assets. (The 24-word recovery phrase was not compromised in the earlier data breach.)
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Munson Healthcare for failure to adequately safeguard consumer information, resulting in a data breach. Various Munson employees fell victim to a phishing scam, which resulted in exposure of patient information to potentially malicious actors. The information shared includes names, dates of birth, insurance information, and treatment and diagnostic information. In some cases, patients’ financial account, driver’s license, and Social Security numbers were also compromised by the breach, which occurred between July 31 and October 22, 2019.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Fifth Third Bank for the failure to safeguard customer data, resulting in recent data theft. Investigations confirm that internal employees perpetrated the theft of personal information, including Social Security numbers, driver’s license information, and account numbers. The employees, who have since been fired and are now under criminal investigation, participated in a fraud ring that had actively shared customer info with outside actors since 2018. At least one hundred customers have experienced known fraud. The Consumer Federation of America, an association of non-profit consumer organizations based in Washington D.C., decried Fifth Third’s letter to customers outlining the situation as “vague and deceptive.”
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating a data breach that affected approximately 10.7 million hotel guests. MGM realized a breach had occurred when it discovered unauthorized access to a cloud server. Affected guest information includes full names, phone numbers, addresses, emails, and dates of birth. Though the breach occurred last Summer 2018, accessed information was published earlier this week (Feb. 17-21, 2020) on a hacking forum, thus making publicly available the contact information for millions of people. This, in turn, increases the threat of future hacking and phishing attempts for those affected. MGM’s hotels include the Bellagio, Aria, MGM Grand, Mandalay Bay, Park MGM, Mirage, New York New York, Luxor and Excalibur in Las Vegas.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating a data breach that occurred in the Iowa Monroe County Hospital & Clinics. Approximately 7,500 were notified of a breach that may have led to the unauthorized access of their individual health information. The breach was the result of a compromised email system that was discovered on December 19, 2019. Employee accounts became accessible between October 28, 2019 and January 20, 2020 to outside individuals. Through this breach, patients’ full names, dates of birth, addresses, insurance information, clinical information and potentially Social Security Numbers, driver’s license numbers, or financial accounts were made vulnerable to unauthorized access.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating the Rutter’s chain of convenience stores for failing to safeguard customer data. Malware was used to break into the payment system used in the stores and on gas pumps. Customers’ cardholder names, card numbers, expiration dates, and verification codes, for those credit cards used without the security chip, were stolen. Credit cards with the security chip only had card numbers and expiration dates taken. Dozens of locations across central Pennsylvania’s Susquehanna Valley were affected. The information was taken between August 2018 and May 2019. Rutter’s created a website to help customers determine whether they might have been affected, and is available here.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating Cathay Pacific’s alleged failure to protect sensitive customer data in the worst ever airline data hack. Affected are roughly 9.4 million Cathay Pacific customers whose passport information, including identity card numbers, names, dates of birth, postal addresses, and historical travel information may all have been compromised. Passwords, the airline said, were not compromised. Despite the breach occurring in March of 2018, the airline did not make information public until later that year, in October 2018.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating British Airways alleged failure to protect sensitive customer data in the wake of a massive data breach. Affected are roughly 500,000 British Airways customers who purchased a ticket between August 21st and September 5th 2018. The data breach includes names, addresses, emails, and sensitive payment information, including a card’s expiration date and Card Verification Value, or CVV. Due to similarities in the code between British Airways’ website and their mobile app, users who purchased tickets through the app were also compromised.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating a data breach affecting medicinal marijuana dispensaries and their customers across the country. Privacy researchers at VPNMentor discovered, in December 2019, a data breach in THSuite, an Enterprise Resource Planning (ERP) software for cannabis dispensaries. VPNMentor reports over 30,000 records with sensitive personal information were exposed in the breach to public interest lawyers, which has since been closed. Although VPNMentor identifies only three dispensaries affected by the breach (Amedicanna Dispensary, Bloom Medicinals, and Colorado Grow Company), they note that most files fell outside the scope of their research and many more dispensaries were affected than those specifically named.
Migliaccio & Rathod LLP’s data privacy lawyers in DC are currently investigating a data breach involving Health Quest and its parent company, Nuvance Health. First reported to public interest lawyers last year on May 31, 2019, the company’s initial disclosure stated that a phishing incident allowed unauthorized access to employee emails, and patients’ sensitive information, to include names, provider names, dates of treatment and diagnosis information, and health insurance claims information. On January 10, 2020, however, Health Quest’s patients in New York, Vermont, and Massachusetts received a letter stating that additional information may have been compromised, to include dates of birth, Social Security numbers, Medicare Health Insurance claim numbers, driver’s license numbers, provider names, dates of treatment, treatment and diagnosis information, health insurance plan member and group numbers, health insurance claims information, financial account information with PIN/security code and payment card information.