Posted On July 20, 2022 Consumer Privacy & Data Breaches
July 20, 2022 – Recently, AllOne Health Resources, Inc. filed an official notice of a data breach in the wake of an incident involving an accidental wire transfer to a fraudulently created bank account. This data security incident resulted in the names, addresses, dates of birth, driver’s license numbers, Social Security numbers, and health information of 13,669 individuals being made accessible to an unauthorized party. On July 15, 2022, AllOne Health reported the breach and began sending out data breach notification letters to all individuals impacted by the incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the AllOne Health data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from AllOne Health Resources, Inc.
According to an official notice filed by the company, in February 2022, AllOne Health’s finance department learned that several wire transfers were inadvertently sent to a fraudulently created bank account. Upon making this discovery, the company reported the fraud to the FBI and launched an internal investigation into the incident.
During this investigation, AllOne Health learned that an unauthorized party had gained access to an employee’s email account, which they used to perpetrate the fraud. This prompted the company to review all emails and attachments in the compromised email account to determine if any consumer data was also accessible to the unauthorized party.
After a thorough review of the employee’s email account, AllOne Health confirmed that an unauthorized party had access to the email account, which contained sensitive consumer data. While the breached information varies depending on the individual, it may include your name, address, date of birth, driver’s license number, Social Security number, and health information. In total, the AllOne Health data breach is believed to have affected 13,669 people.
On July 15, 2022, AllOne Health Resources sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
AllOne Health Resources, Inc. is an insurance company based in Wilkes-Barre, Pennsylvania. Founded in 1971, AllOne Health provides mental health and general health benefits to more than 1 million employees across the world. AllOne Health Resources employs more than 323 people and generates approximately $112 million in annual revenue.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the AllOne Health data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by AllOne Health Resources, Inc. (the actual notice sent to consumers can be found here):
We are writing to advise you of a data security incident that may have involved some of your personal information. AllOne Health has always taken measures to protect the privacy and security of the personal information it maintains and this is the reason that, as a precaution, we are providing you with this notification.
In February 2022, our finance group learned that certain wire transfers meant for one of our payees were unintentionally routed to a fraudulently created bank account. Immediately upon learning of this fraud, we launched an internal investigation to determine what happened and reported the theft to the FBI and local law enforcement. During our initial investigation, we learned that an unauthorized individual gained access to one of our employees’ email accounts to perpetrate the fraudulent transfers. We then retained a specialized forensic firm to assess the intrusion and to ensure that there was no further access to either the employee’s mailbox or other mailboxes or systems in our environment. That analysis revealed that while the individual gained access to limited financial documents, it appears from our investigation that the individual’s intention was to commit wire fraud. We have seen no evidence that any personal or sensitive information was acquired or sent outside of our network. However, because the unauthorized individual had access to the employee’s email account and may have viewed such information, we are sending you this notification out of an abundance of caution.
What Information Was Involved?
We have determined that the information that may have been viewed or accessed by the unauthorized individual may have included your name, address, date of birth, driver’s license number, Social Security number, and/or some limited health information. No other personally identifiable information was available, and we have no evidence that your specific information was taken from the email or that it is being used in any way by the unauthorized person.
What We Are Doing.
We have taken various measures to help ensure that all personal information in our possession is protected. Immediately after learning of the fraud, we shut down the unauthorized access, reset all company passwords, and implemented additional security measures for our systems. Although we have no indication that any of your information was actually acquired or that anyone has taken any steps to commit identity theft, to help protect your identity we are offering you one year (12 months) of complimentary credit monitoring services through myTrueIdentity. The attachment included with this letter provides details for how to use this service.
What You Can Do.
In addition to the credit monitoring services we are offering, we have prepared the attached Reference Guide to give you additional details to help you protect your personal information, including information on obtaining your free annual credit report and reporting concerns regarding identity theft. We encourage you to remain vigilant by monitoring your credit report and reviewing your account statements.
For More Information.
If you have any additional questions or concerns, please feel free to contact our toll-free line at 877-289-1884 from 9:00 a.m. – 9:00 p.m. Eastern Time, Monday through Friday.