Consumer Privacy & Data Breaches

April 15 – After discovering on March 30, 2023 that sensitive customer data in its possession had been breached, Santa Clara Family Health Plan (SCFHP) notified the Office for Civil Rights of the United States Department of Health and Human Services. According to the company’s official report, the breach exposed users’ protected health information, which may include medical records, current and former prescriptions, health insurance information, and

April 15 – After discovering on April 11, 2023 that an employee’s credentials had been used to access client 2021 tax filings, resulting in false 2022 tax returns being filed on behalf of select patients, Harding, Shymanski & Company, PSC (HSC) notified the Montana Attorney General of a data breach. According to the official report filed by the firm, the event led to the exposure of customers’

April 15 – After discovering on April 12, 2023 that sensitive employee data had been exposed due to a “network interruption,” Unlimited Care, Inc. (UCI) notified the Attorney General of Maine of the breach. The firm has reported that due to the breach, someone gained access to the names, addresses, Social Security numbers, and birth dates of its customers. UCI started mailing data breach notification letters

April 14 – Following a cyberattack on April 10, 2023, Retina & Vitreous of Texas, PLLC discovered that sensitive patient information had been compromised and filed a report of data breach with the Texas Attorney General. According to the company’s report, the incident led to the exposure of customers’ personal information, including names, Social Security numbers, DMV records, addresses, health insurance details, and protected health information.

April 14 – Kibble Equipment (Kibble) notified the Montana Attorney General of a data breach on April 10, 2023, after discovering that data stored in Rackspace Cloud Services had been breached by a third party. According to Rackspace’s official filing, the incident led to an unauthorized third party getting access to the sensitive information of its customers; nevertheless, the specific details of this leak remain unknown. When

April 14 – Yum! Brands, Inc. discovered on April 7, 2023 that it had been the target of a ransomware attack, which resulted in the compromise of data belonging to customers of the company. Yum! Brands promptly notified the Attorney General of Maine of the data breach, and the notice filing took place on April 7. According to the report provided by the corporation, the event led

April 12 – Woodward Communications, Inc. (Woodward) reported a data breach to the Attorney General of Maine on April 5, 2023, following a cybersecurity incident that exposed customer data. According to the company’s official report, the incident led to the disclosure of customers’ names and Social Security numbers to a third party. After it was determined that customer information had been compromised, Woodward began notifying those whose

April 14 – After discovering that hackers had gained access to sensitive customer data stored on the company’s systems for two weeks, Harrington Raceway and Casino (Harrington Raceway) notified the Attorney General of Maine on April 10, 2023. According to the company’s complaint, the event led to the exposure of customers’ names, addresses, phone numbers, email addresses, birth dates, Social Security numbers, government ID numbers, military

April 13 – The data breach lawyers at Console & Associates, P.C. are investigating the PharMerica data breach. On April 8, 2023, the Money Message ransomware group included PharMerica among its victims, prompting claims of a data breach at the company. Very little is known about the data breach beyond what the hackers have claimed due to the announcement of the breach being so recent. However, it’s

April 13 – After a cyber event exposed the personal information of over 20,000 clients on April 7, 2023, HawaiiUSA Federal Credit Union (HawaiiUSA) notified the Attorney General of Maine of the breach. According to the company’s filing, a third party gained access to the personal information of some of its customers as a result of the event. After it was determined that customer information had been

April 13 – After being the target of a cyberattack that exposed sensitive customer data, Baldor Specialty Foods notified the Maine Attorney General’s office of the incident on April 7, 2023. According to the company’s official report, the breach allowed an outsider to obtain access to the personal information of some of its customers, including their names, birthdays, residences, Social Security numbers, and information connected to

April 13 – Following a data breach at Fortra, one of Brightline, Inc.’s vendors, on April 7, 2023, the firm notified the Maine Attorney General’s Office of the incident. According to the company’s official report, the breach exposed customers’ names, birthdays, phone numbers, addresses, employers’ names and group identification numbers, member IDs, and coverage start and end dates. After it was determined that customer information had been

April 12 – After confirming that unauthorized parties gained access to some files containing personal client data as a result of a cyberattack, 90 Degree Benefits’ Minnesota and Wisconsin sites filed a notice of data breach with the Attorney General of Maine on April 7, 2023. According to the company’s filing, the breach led to an unauthorized party acquiring access to 181,543 customers’ personal information, including

April 12 – After hearing about a data breach at one of Webster Bank’s vendors, Guardian Analytics, Inc., on April 10, 2023, Webster Bank notified the Maine Attorney General that a data breach had occurred. According to the report filed by the corporation, the event led to the exposure of 191,563 customers’ personal information, including names, account numbers, and Social Security numbers. Webster Bank began

April 12 – After discovering that over 623,000 people’s personal information had been exposed by a ransomware attack, CommonSpirit Health, on April 6, 2023, notified the Montana Attorney General of the breach. According to the formal report filed by the business, the event led to the exposure of consumers’ personal information, including names, birth dates, addresses, email addresses, telephone numbers, Social Security numbers, and protected health