Posted On July 18, 2022 Consumer Privacy & Data Breaches
July 18, 2022 – American Dental Association (“ADA”) reported a data breach after the company was targeted in a recent cybersecurity attack. As a result of the breach, an unauthorized party gained access to sensitive consumer data contained on the ADA’s network. Although the ADA has not publicly disclosed which data types were leaked; the hackers posted some of the stolen data on the dark web. The posted data appears to belong to dentists and includes W2 forms, non-disclosure agreements, accounting spreadsheets, and information on ADA members. The American Dental Association sent out data breach letters to those individuals whose information was affected by the breach although they have not reported how many individuals were affected.
The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently received a NOTICE OF DATA BREACH from the American Dental Association, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Below is a portion of the letter that American Dental Association sent to individuals affected by the data breach:
Dear [Redacted],
The American Dental Association (“ADA”) writes to inform you of an incident that may affect the security of some of your personal information. This notice provides information about the incident, our response, and resources available to you to help protect your information from possible misuse, should you feel it necessary to do so.
What Happened?
On or about April 21, 2022, ADA experienced a disruption to certain computer systems following a sophisticated cyber-attack involving ransomware. We immediately launched an investigation, working with outside cybersecurity specialists to ensure the security of our system moving forward and confirm the nature and scope of this event. On or about April 27, 2022, we determined that certain information on ADA’s systems were accessed and/or acquired by an unauthorized actor. We continued our investigation to understand the nature and scope of what occurred, what information was stored on impacted systems at the time of the incident, and to whom that information relates. This process was completed on June 10, 2022. ADA worked diligently to locate address information for the potentially affected individuals and just recently completed that effort.
What Information Was Involved?
At this time, there is no evidence that any of your personal information has been misused. However, the investigation determined that your name and the following types of personal information related to you were present in the files and folders accessed and/or acquired by the unauthorized actor at the time of the incident: [Redacted].
What We Are Doing.
We take this incident and the security of personal information in our care seriously. Upon learning of this incident, we moved quickly to investigate and respond, to assess the security of relevant systems, and to reset relevant account passwords. As part of our ongoing commitment to the security of information, we are also reviewing and enhancing existing policies and procedures to reduce the likelihood of a similar future event. ADA notified law enforcement of this incident and will notify relevant state and federal regulators, as appropriate.
We are also offering you access to complimentary credit monitoring and identity protection services for 12 months through Experian. These services include fraud consultation and identity theft restoration services. If you wish to activate the credit monitoring and identity protection services, you may follow the instructions included in the Steps You Can Take to Help Protect Personal Information.
What You Can Do.
As mentioned previously, there is no evidence to date that any of your personal information has been misused. However, we encourage you to remain vigilant against incidents of identity theft and fraud, and to review your account statements and credit reports for suspicious activity. Additionally, we recommend following best practices when viewing any suspicious emails, including carefully reviewing the email address and domain from the sender, and to refrain from clicking any links provided in unsolicited emails. You may also review the information contained in the attached Steps You Can Take to Help Protect Personal Information. There you will also find more information on the credit monitoring and identity protection services we are making available to you. While ADA will cover the cost of these services, you will need to complete the activation process.
For More Information.
We understand that you may have questions about this incident that are not addressed in this letter. If you have additional questions, please contact [Redacted]. We sincerely regret any inconvenience or concern this incident may have caused.
