Posted On January 28, 2022 Consumer Privacy & Data Breaches
January 28, 2022 – Recently, Harder + Company Community Research, Inc. announced that the personal, identifying, and health information of approximately 6,762 individuals was compromised in a data breach. Our data breach attorneys are investigating this cybersecurity incident to determine if consumers could have the grounds for a data breach class action lawsuit.
The company recently reported that, between April 17, 2021, and August 12, 2021, an unauthorized party gained access to certain files on its servers. A subsequent investigation revealed that the files may have contained the following information:
According to reports, Harder + Company Community Research, Inc. does not know which individuals’ information was actually accessed and cannot confirm that the unauthorized party retained any of the information.
However, anyone in receipt of a Harder + Company Community Research, Inc. data breach notification letter may now face an increased risk of identity theft and other financial losses. Attorneys are now investigating this recent cybersecurity incident to determine whether the company took the necessary steps to keep your data secure and whether those impacted by the breach can pursue a data breach class action lawsuit.
A data breach occurs when a hacker or other unauthorized party secretly gains access to sensitive consumer information stored on a company’s servers through some kind of cyberattack. Once a hacker obtains consumer data, they may use the information to commit identity theft or for other criminal purposes. Sometimes hackers will sell the data they obtain through a cyberattack to the highest bidder.
No one can tell with certainty why a hacker targeted your data in a data breach or what they plan to do with it, but the fact that your sensitive information is in the hands of an unauthorized party puts you at a greater risk of identity theft.
As consumers, we all provide personal data to companies for a variety of reasons. We trust these companies to protect our private data and keep this information secure. Unfortunately, data breaches happen frequently.
Attorneys are investigating data events like this security breach to determine the legal rights of consumers who trusted corporations with their sensitive information. Often, hackers target companies that rely on outdated or otherwise inadequate data-security measures. If it is determined that Harder + Company Community Research, Inc. did, in fact, fail to properly protect consumers’ data in some way, the individuals affected may be eligible to pursue compensation for their financial losses.
If you received a data breach letter from the company that experienced a security incident, it means that an unauthorized person—likely a criminal—may have accessed, viewed, and retained your personal information. While the company cannot know why the third party sought out your information and what they plan to do with it, the situation justifies a certain level of precaution on your part.
Below are a few ways to protect yourself from identity theft and the other possible financial risks that can stem from a data breach:
To protect and preserve their legal rights, it is highly recommended that individuals who received notice that their data may have been compromised immediately reach out to an experienced data breach attorney.
Companies have an ethical and legal duty to protect consumers’ personal, identifying, and health information. While developing and implementing a comprehensive and up-to-date data-security system is costly, this is a necessary cost of doing business in an environment where cyberattacks and data breaches are common.
Data breach laws are complex, and just because your information may have been accessed while in Harder + Company Community Research, Inc.’s care doesn’t necessarily make this company legally responsible. However, if a company fails to take appropriate actions to protect consumers’ sensitive information, it may face liability through a data breach class action lawsuit.
If you received a data breach notification letter, it is important that you not only protect yourself from possible fraud but also preserve your legal rights by speaking to a data breach attorney. Consumer privacy lawyers are undertaking investigations in legal matters involving all types of data breaches, ransomware attacks, and cyberattacks on a no-win, no-fee basis.
Find a copy of the data breach letter here.
Notice of Data Breach
Dear [RECIPIENT],
We are writing to notify you of a recent data security incident experienced at our firm, Harder+Company Community Research, and which may have affected your personal information. Please read this letter carefully.
Who We Are
Harder+Company Community Research is a California-based research, evaluation, and planning firm that works within the social sector. We work with nonprofit, philanthropic, and government clients—providing them with the information and tools they need to do their work effectively. We conduct program and organizational evaluations and studies across many areas including health, education, and community services.
What Happened
We recently learned that an unauthorized user gained access to some of our firm’s business email accounts that contained messages with some of our clients’ information. We worked diligently with a specialized computer forensics firm to investigate the matter and determined that this unauthorized access occurred between April 17, 2021 and August 12, 2021, without our knowledge. While we cannot confirm with certainty all information that was accessed by the unauthorized user during that time, we conducted a detailed review of all messages in the affected email accounts to identify information that may have been affected. That review process required a lot of time and effort, but we wanted to be thorough and make sure we did it right. We completed our review on December 3, 2021, and then promptly began notifying all potentially affected individuals that we identified through our process.
What Information Was Involved
You are receiving this message because our investigation and review process found that your personal information was contained in one or more emails in the accounts that were affected by this incident. We want to emphasize that, at this time, we have no evidence that your information has been misused in any way. However, we are providing you with this notice out of an abundance of caution. In that regard, we believe there may have been unauthorized access to emails in the affected accounts that contained your personal information. Information that may have been accessed could include any combination of the following: your full name, address, date of birth, Social Security Number, driver’s license number, health insurance information, and/or medical treatment information.
What We Are Doing
Please know that we take the protection of our clients’ personal information seriously and we are taking steps to continue investigating this incident, help mitigate the potential for harm, and prevent future incidents from happening. At this time, we have not found the person behind the unauthorized access or determined his or her motives, but we have notified law enforcement and will continue cooperating with their investigations. Out of an abundance of caution, we also have changed all passwords used to access our email system and computer network. We also are reviewing our policies and procedures to identify any additional ways to further strengthen the confidentiality and security of our clients’ information.
In addition, we are offering identity theft protection services through IDX, the data breach and recovery services expert. IDX identity protection services include: [12 months/24 months] of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed id theft recovery services. With this protection, IDX will help you resolve issues if your identity is compromised.
What You Can Do
In light of this incident, we recommend that you remain vigilant by reviewing and monitoring your account statements and credit reports. If you find any errors or unauthorized activity, you should contact your financial institution or call the number on the back of your payment card. You also may file a report with law enforcement, your state attorney general, and/or the Federal Trade Commission. In addition, please refer to the enclosed documentation which contains additional steps you may take to protect your information from misuse, including some information that may be specific to your state of residence.
