Consumer Privacy & Data Breaches

October 7, 2022 – Recently, Northern Data Systems, Inc. filed notice of a data breach with the Massachusetts Attorney General after an unauthorized party was able to gain access to the company’s IT network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, phone numbers, addresses, driver’s license numbers, medical information and financial information.

On October 4, 2022, Columbia River Mental Health Services filed notice of a data breach with the Montana Attorney General after the company learned that an unauthorized party gained access to employee email accounts for a period of more than a year. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security numbers, driver’s license

On September 21, 2022, Mount Vernon Mills filed notice of a data breach with the office of the Maine Attorney General after the company learned it was the target of a recent cyberattack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to the names, Social Security Numbers, birth dates, and addresses of employees, retirees and beneficiaries who participate in or

On September 30, 2022, Chemonics International, Inc. filed notice of a data breach with various state government entities after the company learned that an unauthorized party had gained access to sensitive consumer data stored on its servers. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, financial account numbers, medical information, health insurance information,

On September 28, 2022, focusIT, Inc. filed notice of a data breach with the Attorney General of Montana after an unauthorized party gained access to the company’s computer network. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, addresses and dates of birth. After confirming that consumer data was leaked, focusIT began sending out

On September 23, 2022, Physician’s Business Office (“PBO”) filed notice of a data breach with several Attorney General Offices after the company learned that an unauthorized party had gained access to the PBO computer system. Based on the company’s official filing, as well as information provided in a notice posted on the PBO website, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses,

On September 30, 2022, Anthem MaineHealth (“AMH Health”) filed notice of a data breach with the Office of the Maine Attorney General after the company learned that patient data was leaked related to a data security incident at Choice Health, one of AMH Health’s vendors. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers,

On September 28, 2022, Northern California Fertility Medical Center (“NCFMC”) filed notice of a data breach with various state attorneys’ general offices after the company experienced what appears to have been a ransomware attack. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names and protected health information. After confirming that consumer data was leaked, NCFMC began sending out

On September 16, 2022, Country Doctor Community Clinic (“CDCC”) filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a hacking/IT incident. However, news of the Country Doctor Community Doctor Clinic breach is still fresh, and the company has yet to post notice of the incident on its website. Thus, it remains unknown what

On September 15, 2022, the Neurology Center of Nevada (“NCNV”) reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights, impacting the sensitive information of 11,700 patients. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data belonging to certain patients: full names, addresses, dates of birth, genders,

On September 23, 2022, FMC Services, LLC (“FMC”) reported a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company was the target of a recent cyberattack. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: names, mailing addresses, dates of birth, Social Security numbers,

On September 23, 2022, Diodes Incorporated reported a data breach with the Attorney General of Texas after sensitive consumer information that was entrusted to the company was leaked to an unauthorized party. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: names, addresses, Social Security numbers, driver’s license numbers, state identification numbers, health

On September 23, 2022, Apex Capital Corp. filed notice of a data breach with the Attorney General of Texas after the company learned that a data breach compromised the sensitive information of certain consumers that was entrusted to Apex Capital. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: names, addresses and Social Security

On September 21, 2022, Humana reported a data breach with the Office of the Maine Attorney General after the company learned through one of its vendors that certain customers’ information was leaked after an apparent ransomware attack targeting the vendor’s computer system. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following data types: first and last

On August 25, 2022, New York Racing Association (“NYRA”) reported a data breach with the Office of the Vermont Attorney General after the organization experienced a ransomware attack targeting sensitive information on its computer network. Based on an official filing from the company, the incident resulted in an unauthorized party gaining access to the following information related to some current and former employees: first and last names,