Posted On January 29, 2022 Consumer Privacy & Data Breaches
January 29, 2022 – Recently, the non-profit organization Internews Network released additional information relating to a “cyber event” that resulted in the personal data of more than 10,000 individuals being compromised. According to an official filing by Internews Network, on December 7, 2021 the organization discovered unusual activity on some of the organization’s computers. Internews conducted a follow-up investigation, revealing that an unauthorized party gained access to the names, Social Security numbers, and dates of birth of 10,637 individuals nationwide.
Cyber-security events like the Internews Network breach can happen in a variety of different ways. Often, this type of breach is the result of a hacker breaching a company’s computer systems with the intention of obtaining sensitive consumer information. While no one knows the reasons why Internews Network was the target of this recent cyberattack, hackers and other criminals sometimes specifically target companies that have weak data security systems or vulnerabilities in their networks.
After a hacker gains unauthorized access to a computer network, they can obtain and remove sensitive consumer information located on the compromised servers. While a company can determine whether certain files were accessible, they often have no way of knowing which files were actually viewed and whether the hacker retained any of the data on these files. Regardless, those affected by a data breach are at an increased risk of identity theft. Given this reality, individuals who receive an Internews Network data breach notification should remain vigilant in checking their online accounts, credit card accounts, bank accounts, and credit reports for any signs of unauthorized activity.
Importantly, the fact that your information was compromised does not necessarily mean the unauthorized party orchestrating the cyber-attack will use it for criminal purposes. However, it is a possibility that should not be ignored. This is especially true in the current environment, where the COVID-19 pandemic gave criminals ample opportunity to conduct attacks against companies preoccupied with pandemic-related issues.
Businesses like Internews Network are obligated to protect the consumer data in their possession. If evidence emerges that Internews Network mishandled your sensitive information leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
When you allowed Internews Network access to your personal data, you trusted the organization to keep your information secure. Certainly, this is an assumption most people in your situation would make. However, news of this data breach raises very real questions about the organization’s data security measures and whether more could have been done to prevent this type of breach.
All businesses and non-profit organizations have an ethical and legal obligation to ensure sensitive consumer information remains private. And while developing and maintaining a data security system comes at a significant expense, this is a necessary expense given the rampant reports of data breaches and other cybersecurity events.
United States data breach laws provide a way for consumers to sue companies for the misuse or negligent handling of their data. However, these laws are very complex. What’s more, news of the Internews Network data breach is very recent. That being the case, as of right now, there is no evidence suggesting that Internews Network bears responsibility for the cyberattack. However, that could change, as our data breach lawyers are looking into the breach to determine what legal remedies consumers may have against the organization.
If you have questions about your ability to bring a data breach class action lawsuit against Internews Network, you should contact a data breach attorney as soon as possible.
If you received an Internews Network data breach letter, it means your personal data was among that which was accessible to an unauthorized party. Thus, a total stranger could have accessed, viewed, and stolen your personal information. While you can’t be sure why a hacker would want to obtain your information or how they plan to use it, it is essential you remain vigilant to protect yourself from the heightened risk of identity theft by taking the following steps:
Internews Network is a California-based non-profit organization that provides media services, including training events, to journalists and digital rights activists. The organization was founded in 1982. However, Internews was incorporated in 1986 and later created the umbrella organization, Internews Incorporated, which is now the parent organization. Internews operated 30 offices around the world, including headquarters in California, Washington DC, London and Paris, and regional hubs in Bangkok, Kyiv, and Nairobi. According to the Internews website, the organization collects the “personally identifiable data that is voluntarily provided … to Internews and is necessary for specific business purposes.”
The company also provides a detailed list of how it uses the consumer information it gathers.
According to the most recent filings by Internews Network, on December 7, 2021, the organization noticed unusual activity on some of their computer systems. In response, Internews engaged the assistance of third-party forensic specialists to look into the incident. This investigation revealed that there was unauthorized access to Internews systems between October 2015 and December 2021.
Initially, Internews was unaware of the extent of consumer data accessible through the breach. However, around January 3, 2022, Internews determined that the involved systems contained protected information related to certain individuals. This information contained the names, Social Security numbers, and dates of birth of 10,637 individuals.
On approximately January 28, 2021, Internews Network mailed out data breach notification letters to all affected parties. These notices explain the details of the breach and provide consumers with steps they can take to protect themselves. Internews Network emphasizes that it is unaware of any instance in which the compromised data was actually accessed or used by the unauthorized party. However, affected individuals should keep a lookout for signs of identity theft and fraud by closely monitoring their online accounts and credit reports.
Below is a copy of the initial data breach letter issued by Internews Network (the actual notice sent to consumers can be found here):
Dear [Consumer],
Internews Network (“Internews”) writes to notify you of an incident that may affect the privacy of some of your information. Although we do not have evidence to suggest that your information was viewed or used by another party, we take this incident seriously. This letter provides details of the incident, our response, and steps you may take to protect against possible misuse of your personal information, should you feel it appropriate to take extra precautions. We know that this may be unsettling. We have arranged for a dedicated phone number you can call if you have questions, and are also sharing information about resources and support that you can start using today if you choose.
What Happened? On December 7, 2021, Internews became aware of possible activity related to certain computer systems. We immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. That investigation, which took several weeks to conclude, determined that we were subject to a cyber event, and there was unauthorized access to our systems between October 2015 and December 2021.
What Information Was Involved? We conducted a thorough, detailed review of the affected systems to understand the nature and extent of the intrusion and determined that systems storing employee information could have been accessed. While we have no reason to believe that the unauthorized access resulted in any information related to you being viewed or taken, we are making you aware of this incident out of an abundance of caution. We have no reason to believe that any identity theft or unauthorized use of the affected information has occurred. For your reference, the information contained in the impacted systems that could possibly have been accessed, although we have no evidence of that, includes your <<b2b_text_2(DataElements)>>.
What is Internews Doing? Upon discovery, we immediately commenced an investigation to confirm the nature and scope of the incident and worked to secure our network. We have also taken steps to implement additional monitoring and safeguards and to review our policies and procedures relating to data privacy and security.
Internews is providing you with access to twenty-four (24) months of identity services through Kroll at no cost to you. A description of services and instructions on how to activate can be found within the enclosed Steps You Can Take to Help Protect Against Identity Theft and Fraud. Please note that you must complete the activation process yourself, as we are not permitted to activate these services on your behalf.
