Posted On April 12, 2023 Consumer Privacy & Data Breaches
April 12 – After confirming that unauthorized parties gained access to some files containing personal client data as a result of a cyberattack, 90 Degree Benefits’ Minnesota and Wisconsin sites filed a notice of data breach with the Attorney General of Maine on April 7, 2023. According to the company’s filing, the breach led to an unauthorized party acquiring access to 181,543 customers’ personal information, including names, dates of birth, addresses, Social Security numbers, payment information for healthcare services, and health and medical information. 90 Degree Benefits began distributing data breach notification letters to all persons affected by the recent data security incident after it was confirmed that customer data was compromised.
Anybody who has received a data breach notification should know exactly what is at stake. Console & Associates, P.C., data breach lawyers representing victims of data breaches, are currently looking into the 90 Degree Benefits hack on behalf of those whose personal information may have been compromised. As part of our inquiry, we are offering complimentary consultations to anyone impacted by the breach who is curious about their exposure to identity theft, what they can do to protect themselves, and whether or not they have grounds to sue 90 Degree Benefits for damages.
The Birmingham, AL-based health insurance provider 90 Degree Benefits partners with businesses to provide employees with individualized health insurance plans. Traditional self-funded plans, level-funded plans, consumer-driven health plans, and minimum essential coverage plans are only some of the options offered by the company. 90 Degree Benefits’ brings in about $158 million a year in sales, and the company employs more than 170 individuals.
90 Degree Benefits reportedly discovered malicious behavior on its network around December 10, 2022, as detailed in a document filed with the Attorney General of Maine. Since then, the firm has been conducting a review into the event to learn more about what transpired and whether or not any customer information was exposed.
According to the 90 Degree Benefits investigation, between December 5, 2022 and December 11, 2022, unauthorized users accessed a number of files containing personal information belonging to persons connected to 90 Degree Benefits through their employment.
After learning that private customer information had fallen into the wrong hands, 90 Degree Benefits launched a thorough investigation of the compromised files to ascertain what data had been exposed and how many customers had been affected. Your name, date of birth, address, Social Security number, payment information for healthcare services, and health and medical information may have been compromised; however, the specifics vary from person to person.
All customers whose personal information was affected in the recent data security incident at 90 Degree Benefits received breach notification letters on April 7, 2023.
Over 420 million people in 2022 were affected by data breaches. That’s a record for any calendar year. Moreover, early projections for 2023 do not bode well for a decrease in breaches.
While most individuals have heard of a data breach, few realize the extent to which identity theft may disrupt their lives. However, considering the prevalence of data breaches, it is crucial that all consumers learn what they can do to safeguard themselves in the event that they, too, fall victim to a data breach.
Data breaches are perpetrated by hackers with the sole purpose of stealing sensitive customer information that can be used for identity theft or sold on the dark web for a profit. Consumers can do little to stop data breaches from happening, but they can lessen their vulnerability to fraud and identity theft by taking certain precautions.
The following is not an all-inclusive list of things to do after discovering a data breach. If a breach exposed sensitive information like your financials or identifying data like your Social Security number, you may want to take extra precautions.
A data breach letter will be mailed to you once a data breach has occurred at the company. These letters explain the occurrence, what led up to it, what the company has done to prevent future breaches, and whether or not the company has received any reports of fraud or identity theft from other victims. Accordingly, the first step is to read the data breach notification thoroughly and figure out if and what information was exposed.
After a data breach, it’s critical to change the passwords to any and all online accounts that may have been compromised. Changing the passwords for just the compromised accounts is tempting, but hackers who gain access to your social network or online store accounts may be able to access even more of your personal information.
In order to prevent their victims from closing their accounts, hackers typically make haste to exploit stolen information. However, depending on the breach, hackers could require extra information to carry out the crimes they intend to perpetrate. In many cases, hackers may be unable to use the compromised data for several weeks or months. By this stage, consumers have typically lowered their guard, making them an easy target for hackers. As a result, you should monitor your accounts sometimes for a couple of months following the hack.
Many businesses that have experienced a data breach provide credit monitoring, which notifies you of any unusual behavior on your credit report. The average monthly fee for credit monitoring services is $20-$40. But in many cases, businesses will offer victims of a data leak free credit monitoring for a year or two. In fact, 90 Degree Benefits is offering free credit monitoring for a year to affected individuals. You can easily keep an eye on your credit profile without spending a dime by signing up for credit monitoring. Taking advantage of a company’s offer of free credit monitoring does not, however, waive your ability to sue that organization for negligence resulting in a data breach.
The three major credit bureaus all provide free fraud alerts and credit freezes. By placing a fraud alert, you tell businesses who draw your credit that you suspect a third party is attempting to use your information fraudulently. With a credit freeze in place, no one may access your credit report without your express permission. Putting a credit freeze on your account is the greatest approach to protect yourself from identity theft in the wake of a data breach, as the Identity Theft Resource Center has stressed on numerous occasions.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the 90 Degree Benefits’ Minnesota and Wisconsin data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent to affected individuals:
We are writing to inform you of a recent incident at 90 Degree Benefits, Inc.’s Wisconsin location, formerly EBSO, Inc. (“90 Degree Benefits-Wisconsin”), that may have impacted your information. 90 Degree Benefits-Wisconsin is committed to the privacy and security of all information in our possession. This is why we are writing to notify you of this incident, to offer you complimentary identity monitoring services, and to inform you about steps that can be taken to help safeguard your personal information.
What Happened: On or about December 10, 2022, 90 Degree Benefits-Wisconsin identified suspicious network activity that impacted certain computer systems. Upon discovering this, we immediately launched an investigation with the assistance of a leading independent digital forensics firm to determine what happened and whether information had been accessed or acquired without authorization. While our investigation remains ongoing, we recently confirmed that certain systems and files containing information belonging to individuals were accessed without authorization between December 5, 2022 and December 11, 2022.
What Information Was Involved: The information may have included your name, address, date of birth, Social Security number, medical/health information, and/or information related to the payment of healthcare services. We are not aware of any actual or attempted misuse of your information as a result of this incident.
What We Are Doing: As soon as we discovered this incident, we launched an investigation and took steps to secure our environment, including by implementing enhanced security measures to help prevent a similar incident from occurring in the future. We also notified the Federal Bureau of Investigation and are fully cooperating with their investigation. Additionally, we are providing you with information on steps you can take to help protect your personal information and offering you complimentary identity monitoring and protection services through IDX. Additional information about these services and how to enroll is included with this letter.
What You Can Do: We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and explanation of benefits and monitoring your free credit reports for suspicious activity and to detect errors. You may also review the information contained in the attached Steps You Can Take to Help Protect Your Personal Information. You can also enroll in the complimentary services being offered to you. Activation instructions and a description of the services being provided are included with this letter.
For More Information: If you have questions or need assistance, please contact 1-833-753-4468, Monday through Friday from 8:00 a.m. to 8:00 p.m. Central Time, excluding major U.S. holidays. Our representatives are fully versed on this incident and can help answer questions you may have regarding the protection of your information. You may also write to us at 7020 N. Port Washington Road, Suite 206, Milwaukee, WI 53217.
Please accept our sincere apologies and know that we deeply regret any inconvenience that this may cause you.