Posted On September 20, 2022 Consumer Privacy & Data Breaches
On September 16, 2022, Berry, Dunn, McNeil & Parker, LLC reported a data breach with the Montana Attorney General’s Office after the company learned that an unauthorized party had gained access to an employee’s email account. The official filing from the company does not indicate what type of data was leaked; however, based on state data breach reporting requirements, it appears likely that the breach involved consumers’ names, as well as their Social Security numbers, driver’s license numbers, state identification numbers, protected health information or financial account information. After confirming that consumer data was leaked, Berry Dunn began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Berry Dunn data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Berry, Dunn, McNeil & Parker, LLC.
According to an official notice filed by the company, on June 8, 2022, Berry Dunn began receiving reports from customers about unusual emails that appear to have been sent from a company email address. The company’s investigation revealed that the emails were sent from an account outside the organization. However, it also confirmed that a single employee’s email address was subject to unauthorized access and that this email account contained sensitive consumer information.
While the company did not elaborate on the type of information that was subject to unauthorized access, under Montana data breach laws, companies only need to report a breach if it involved consumers’ names, in addition to one or more of the following:
On September 16, 2022, Berry, Dunn, McNeil & Parker sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Berry Dunn data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
Below is a copy of the initial data breach letter issued by Berry, Dunn, McNeil & Parker, LLC (the actual notice sent to consumers can be found here):
We are writing to let you know about a data security incident that may have impacted your personal information. Berry, Dunn, McNeil & Parker, LLC (“Berry Dunn”) provides accounting and auditing services to customers. We may have your information if [Redacted] provided your information to us in the course of obtaining our services. We take the privacy and security of your information seriously, and sincerely apologize for any concern or inconvenience this may cause you. This letter contains information about steps you can take to protect your information, and resources we are making available to help you.
On June 8, 2022, we received reports from some of our clients about unusual emails that they received from what appeared to be a BerryDunn email account. We immediately investigated the unusual activity, implemented our incident response protocols, and determined that these emails originated from an account outside our organization. We also hired external computer forensic specialists to determine what occurred and what data may have been impacted. The investigation found that there had been unauthorized access to one employee’s email account. These forensic specialists reported findings to us on August 1, 2022. As part of the inquiry, the external forensic specialists conducted a review of the contents of that email account to determine what information may have been affected. The investigation found that information provided to us by [Redacted] was located within the affected email account. While there is no evidence that any of your information was viewed, copied, removed, or otherwise accessed by unauthorized actors we wanted to inform you of this incident out of an abundance of caution.
What Information Was Involved?
Your information that was found to be present in the email account at the time of the account includes your name and the following data elements: [Redacted].
What We Are Doing:
Data security is one of our highest priorities. We want to assure you that we are taking steps to prevent a similar incident from happening in the future. Upon initial investigation, we isolated the unauthorized access to one account and reset the user’s credentials.
In addition, we are offering identity theft protection services through IDX the data breach and recovery services expert, at no charge to you. IDX identity protection services include: 24 months of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
What You Can Do:
It is always a good idea to review your credit reports, bank account and other financial statements, and immediately contact your financial institution if you identify suspicious activity. We encourage you to contact IDX with any questions and to enroll in the free identity protection services by calling [Redacted] or going to [Redacted] and using the Enrollment Code provided above. IDX representatives are available Monday through Friday from 9 am – 9 pm Eastern Time. Please note the deadline to enroll is December 16, 2022. You will need to reference the enrollment code at the top of this letter when calling or enrolling online, so please do not discard this letter.
Additional information about protecting your identity is included in this letter, including recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
For More Information:
If you have any questions or concerns, please call [Redacted] Monday through Friday from 9 am – 9 pm Eastern Time. Your trust is our top priority, and we deeply regret any inconvenience or concern that this matter may cause you.