Posted On October 18, 2022 Consumer Privacy & Data Breaches
On October 14, 2022, Lifespire Services, Inc. filed notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights after the company experienced a cybersecurity incident affecting consumer information stored on the company’s computer servers. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to the following consumer information: names, addresses, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, bank account information, credit card information, medical diagnosis and treatment information, Medicare numbers, Medicaid numbers, and health insurance information. After confirming that consumer data was leaked, Lifespire began sending out data breach notification letters to all individuals who were impacted by the recent data security incident. The organization estimates that 15,375 people were impacted by the recent data breach.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Lifespire data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Lifespire Services, Inc.
The available information regarding the Lifespire Services breach comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights. Lifespire also posted a “Notification of Data Security Incident” page on its website. According to these sources, on February 8, 2022, Lifespire Services first learned of an incident affecting its computer systems. While the company did not elaborate on the nature of the incident, in response, Lifespire suspended its network to prevent future access and began working with a cybersecurity firm to investigate the incident.
The company’s investigation confirmed that certain files containing sensitive consumer information were accessible to an unauthorized party between January 14, 2022 and February 8, 2022.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Lifespire Services began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, date of birth, driver’s license number, passport number, bank account information, credit card information, medical diagnosis and treatment information, Medicare or Medicaid number, and health insurance information.
On October 14, 2022, Lifespire Services sent out data breach letters to the 15,375 individuals whose information was compromised as a result of the recent data security incident.
Founded in 1951, Lifespire Services, Inc. is a New York-based organization focused on assisting those with developmental disabilities. The organization provides individuals with a wide range of services, including day habilitation services, community habitation services, respite services, residential services, family support services and counseling services. Lifespire operates 82 locations throughout the five boroughs of New York City, as well as services and sites in Westchester, Ulster and Greene County. Lifespire Services employs more than 55 people and generates approximately $67 million in annual revenue.
Cybercriminals are always looking for new ways to steal consumers’ personal, financial and protected health information. The reason for this is that hackers can either sell this information for a profit or use it to commit identity theft or other frauds. When it comes to stolen data, not all data types are created equal. For example, Social Security numbers are one of the most targeted types of information because hackers can use (or sell) this data very easily. But how can they profit off of your stolen SSN?
Most people assume that identity theft or unauthorized transactions are the extent of the damage a hacker can cause. While these are serious risks, criminals have a few other ways to profit from stolen Social Security numbers. Here are just a few:
The most commonly perpetrated fraud in the wake of a data breach involves hackers using stolen information to open a new line of credit in your name. Most often, hackers will apply for a new credit card or personal loan because these are the easiest to open. To do this, a hacker only needs your name, date of birth, address and Social Security number. Often, as is the case in the Lifespire breach, this information was leaked along with Social Security numbers. However, even when that isn’t the case, a cybercriminal may have access to your other information through another data breach, a database of compromised information, or by conducting an online search using whatever stolen information they already have.
A hacker who steals your Social Security number can file a fraudulent tax return in your name in hopes of intercepting your tax refund. Criminals do this by filing a tax return before you have the chance to file. Thus, to the IRS, it appears as though the hacker’s return is legitimate. Unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because it’s already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Opening up a fraudulent cell phone account or utility account are also common ways hackers use to make money off of information stolen in a data breach. According to the Federal Trade Commission, 13 percent of fraud incidents in 2016 involved the creation of new phone and utility accounts. To open up a utility account, a hacker needs your name, address and your Social Security number. Then, they are free to rack up astronomical bills knowing that they won’t be the ones writing the check.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Lifespire data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Lifespire Services, Inc. (the actual notice sent to consumers can be found here):
Dear [Redacted],
On February 8, 2022, Lifespire Services, Inc. experienced an incident that affected some of our computer systems. Upon discovery, we immediately suspended our network and engaged a third-party computer forensics firm to investigate the incident. Our investigation confirmed that a limited amount of information may have been accessed between January 14, 2022, and February 8, 2022.
Following a thorough analysis, on October 7, 2022, our investigation determined that the potentially affected information included names, addresses, Social Security numbers, dates of birth, driver’s license numbers, passport numbers, bank account information, credit card information, medical diagnosis/treatment information, Medicare/Medicaid numbers, and health insurance information.
In response to this incident, we reviewed our policies and procedures related to network security. Additionally, although we have no evidence of misuse of information as a result of this incident, we encourage potentially impacted individuals to enroll in complimentary credit monitoring and identity protection services we are making available.
To obtain more information about this incident or enroll in the credit monitoring and identity protection services, individuals should contact Lifespire’s dedicated assistance line at 1-833-814- 1694, Monday – Friday 9:00am -5:00pm ET (except U.S. holidays). Individuals may also write to Lifespire at 1 Whitehall Street, 9th floor New York, New York 10004. Attn: Brian Boehm – Director of Corporate Compliance. Individuals are encouraged to remain vigilant against incidents of identity theft and fraud by reviewing credit reports/account statements and explanation of benefits forms for suspicious activity and to detect errors. Individuals may also place a fraud alert or credit freeze by contacting the credit reporting agencies: TransUnion 1-800- 680-7289, P.O. Box 2000 Chester, PA 19016, transunion.com; Experian 1-888-397-3742, P.O. Box 9554 Allen, TX 75013, experian.com; Equifax 1-888-298-0045, P.O. Box 105069 Atlanta, GA 30348, equifax.com. Individuals can further educate themselves regarding identity theft, fraud alerts, credit freezes, and steps to protect their personal information by contacting the credit reporting bureaus, the Federal Trade Commission (“FTC”), or their state Attorney General. The FTC may be reached at 600 Pennsylvania Ave. NW, Washington, D.C. 20580; [Redacted]; 1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261.
