Posted On December 9, 2022 Consumer Privacy & Data Breaches
On December 5, 2022, Black, Gould & Associates, Inc. (“BGA”) filed notice of a data breach with the attorneys general of several states after confirming that an unauthorized party had gained access to sensitive consumer information stored on the company’s computer system. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ first and last names, Social Security numbers, dates of birth, and addresses. After confirming that consumer data was leaked, BGA began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the BGA data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Black, Gould & Associates, Inc.
The available information regarding the Black, Gould & Associates breach comes from the company’s filing with the Attorney General of Maine as well as a BGA press release describing the incident. According to these sources, recently, BGA detected a potential data security issue within its computer system. In response, the company launched an investigation with the assistance of third-party digital forensics specialists in hopes of learning more about the nature and scope of the incident, as well as whether any sensitive information in BGA’s care was subject to unauthorized access.
The BGA investigation confirmed that an unauthorized party was able to access the company’s computer network between August 31, 2022 and September 10, 2022. It was also determined that some of the files that were accessible to the unauthorized party contained confidential information belonging to certain individuals who purchased an insurance policy from a broker or agent affiliated with CGA.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Black, Gould & Associates began to review the affected files to determine what information was compromised and which consumers were impacted. On September 21, 2022, BGA was able to determine which individuals’ information was included in the affected files. While the breached information varies depending on the individual, it may include your first and last name, Social Security number, date of birth, and address.
On December 5, 2022, Black, Gould & Associates sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident. The Maine Attorney General’s “Data Breach Notifications” page indicates that 42,568 people’s information was leaked as a result of the Black, Gould & Associates data breach.
Black, Gould & Associates, Inc. is an insurance services company based in Phoenix, Arizona. The company provides insurance agents and brokers with backroom services enabling them to serve their clients more efficiently. The company offers insurance products through Aetna, Aflac, All Savers, Allwell, Ambetter, Amerigroup, Ameritas, Apex, Assurant, Blue Cross Blue Shield, Cigna, Colonial Life, Humana, Lifelock, MetLife, Mutual of Omaha, Sightcare, Transamerica, United Concordia, United Healthcare and more. Black, Gould & Associates employs more than 53 people and generates approximately $21 million in annual revenue.
Data breaches put your sensitive information in the hands of the criminals that orchestrated the cyberattack leading to the breach. What hackers plan to do with your information depends on the type of information, but one of the biggest reasons hackers carry out these attacks is to commit fraud against the individuals whose information they obtain. That being the case, as soon as you learn about a data breach, it is important to do everything possible to protect yourself.
Below is a list of things to do after receiving a data breach letter. While this list provides general guidance, you may wish to take additional precautions if a breach leaked highly sensitive information, such as your Social Security number or financial account numbers.
After experiencing a data breach, the law requires a company to provide notice to anyone affected by the incident. So, the first thing to do after receiving a data breach letter is to carefully review the document to determine whether your information was leaked and, if so, what information was involved. Data breach letters also contain important information about how the unauthorized party accessed your information, what the company has done since it learned about the breach to prevent future leaks, and whether there have been any reports of identity theft or fraud from other victims. Data breach letters also include a phone number to call if you have any questions that were not answered in the letter.
While it is imperative to immediately check up on all your credit card and bank accounts after a data breach, it is equally important to continue periodically reviewing your statements. Typically, hackers try to use stolen information as soon as possible because this increases the chance that the account will still be open. However, sometimes it may take hackers to acquire additional information they need to carry out identity theft or other crimes in your name. For this reason, it may not be until weeks or months after a breach that hackers can use the stolen information. Therefore, it is essential that you frequently check all your online accounts to monitor for any suspicious activity.
Credit monitoring is a fee-based service provided by several different companies that alerts you to any suspicious activity on your credit profile. If you wanted to purchase credit monitoring on your own, it would run you about $20 to $40 per month. However, companies usually offer victims of a data breach free credit monitoring for a period of time—usually between one to two years. Indeed, Black, Gould & Associates, Inc. is providing victims of the breach with this service for 24 months at no cost. Signing up for credit monitoring is simple, and doing so provides you with an easy way to keep an eye on your credit profile. Moreover, enrolling in credit monitoring does not impact your ability to file a data breach lawsuit against a company that leaked your information.
Fraud alerts and credit freezes are two free services offered by the three major credit bureaus (TransUnion, Equifax, and Experian). A fraud alert lets any company that pulls your credit know that you suspect someone is trying to fraudulently use your information. A credit freeze offers an additional layer of protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the BGA data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the press release describing the incident, issued by Black, Gould & Associates, Inc. (the actual notice sent to consumers can be found here):
Dear [Redacted],
Black, Gould & Associates, Inc. (“BGA”) is providing notice of a recent incident that may impact the privacy of certain individuals’ personal information. This notice provides information about the incident, BGA’s response to it, and resources available to assist individuals in safeguarding their information, should they feel it necessary to do so. BGA values and respects the confidentiality, privacy, and security of the information within its care.
What Happened? BGA recently experienced a security incident that resulted in unauthorized access to certain computer systems within its network. BGA immediately launched an investigation with assistance from third-party digital forensics specialists to determine the nature and scope of the incident. Through the investigation, BGA identified unauthorized access within our environment between August 31, 2022 and September 10, 2022. BGA undertook a thorough review of the potentially affected files to determine whether any potentially sensitive information was present within them. On September 21, 2022, BGA confirmed the population of individuals whose information was included in the affected files. On October 13, 2022, BGA notified relevant brokers that certain information may have been impacted. After confirming with its brokers, BGA then proceeded promptly with direct notifications to individuals for whom address information was available.
What Information Was Involved? BGA’s investigation determined that certain information relating to individuals were present in files stored on its systems during the period of unauthorized access. That information included name, address, date of birth, and Social Security number. Please note that the information varied by individual and for many individuals.
What We Are Doing. BGA treats its duty to safeguard the information entrusted to it as an utmost priority. BGA responded immediately to this incident, promptly notified law enforcement authorities, and has been working diligently to provide individuals with an accurate and complete notice of the incident as soon as possible. BGA also took steps to secure potentially affected systems and conduct a diligent investigation aided by third-party cybersecurity specialists. Further, BGA implemented additional technical security measures designed to mitigate and minimize the recurrence of a similar future incident. BGA is also offering access to complimentary credit monitoring and identity protection services through IDX to individuals whose personal information may be impacted by this incident.
What You Can Do. Individuals can find out more about how to protect themselves against the potential misuse of information by reviewing the information sheet on BGA’s website entitled “Steps You Can Take to Protect Information.” BGA’s website can be accessed at: [Redacted]. The information sheet provides additional details regarding fraud alerts and credit freezes, as well as contact information for the nationwide consumer reporting agencies. Individuals will also find further information about the monitoring services BGA is offering to eligible individuals on its website via the hyperlink above.
For More Information. If you have questions about this incident that are not addressed in this notice, please call our dedicated assistance line at (833) 814-1737, Monday through Friday from 9 am – 9 pm Eastern Time, excluding U.S. holidays. You may also write to us at: Compliance Department, Black, Gould & Associates, Inc., 3800 N. Central Avenue, 9th Floor, Phoenix, Arizona 85012.
