Posted On November 23, 2022 Consumer Privacy & Data Breaches
On November 8, 2022, Mercyhurst University filed notice of a data breach with the Attorney General of Maine after the school discovered that an unauthorized party was able to access sensitive student information stored on its computer system. Based on the university’s official filing, the incident resulted in an unauthorized party gaining access to students’ names and Social Security numbers. After confirming that consumer data was leaked, Mercyhurst began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Mercyhurst data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Mercyhurst University.
The available information regarding the Mercyhurst University breach comes from the university’s filing with the Maine Attorney General’s Office. According to this source, Mercyhurst University detected suspicious activity within its computer system earlier this year. In response, the school launched an investigation to determine the nature and scope of the incident and whether any student or faculty information was compromised as a result.
The Mercyhurst investigation confirmed that an unauthorized party was able to access the school’s computer network between January 16, 2022 and May 15, 2022. It was also determined that the unauthorized party was able to access files containing confidential information pertaining to certain students and faculty members.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Mercyhurst University began to review the affected files to determine what information was compromised and which consumers were impacted. The school completed this review on September 16, 2022. While the breached information varies depending on the individual, it may include your name and Social Security number.
On November 8, 2022, Mercyhurst University sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Founded in 1926, Mercyhurst University is a private Roman Catholic university located in Erie, Pennsylvania. The school offers 4-year bachelor, 2-year associate, and 1-year certificate programs in a variety of traditional subjects. Current enrollment at Mercyhurst University is approximately 2,800, and the school’s faculty consists of 126 full-time staff members. Mercyhurst University employs more than 668 people in total and generates approximately $148 million in annual revenue.
Hackers are always looking out for new ways to obtain consumers’ personal information. While hackers seek out all types of data, Social Security numbers are one of the most targeted data types because hackers can use (or sell) this data very easily. But how can criminals profit off of your stolen SSN?
Most people assume that identity theft or unauthorized transactions are the extent of the damage a hacker can cause; however, that is not necessarily the case. Criminals have a few different ways to profit from stolen Social Security numbers. Below is a list of the most common frauds committed in the wake of a data breach.
The most common harm associated with a data breach involves hackers using your stolen information to open up a new line of credit in your name. Most often, this involves a hacker applying for a new credit card or personal loan. To do this, a hacker needs your name, date of birth, address and Social Security number. However, once they have your name and Social Security number, obtaining your birth date and address is easy enough for these sophisticated criminals. For example, a cybercriminal may have access to your other information through another data breach, a database of previously compromised information, or by conducting an online search using the stolen information they already have.
A hacker who steals your Social Security number can file a fraudulent tax return on your behalf in hopes of intercepting your tax refund. They do this by filing a fraudulent tax return with the IRS before you have the opportunity to file your actual return. Unfortunately, victims of tax refund fraud often don’t realize they’ve been targeted until the IRS rejects their tax return because it’s already been filed. To reduce the chances of a hacker successfully committing tax refund fraud, you should file your tax return as soon as possible.
Opening cell phone and utility accounts is another common way hackers make money off of stolen information. In fact, according to the Federal Trade Commission, 13 percent of fraud incidents in 2016 involved the creation of new phone and utility accounts. To open up a utility account, all a hacker needs is your name, address and your Social Security number.
In many cases, hackers do not conduct identity theft or fraud themselves. Instead, they post stolen information for sale on the dark web and sell it to the highest bidder. This enables hackers to make a quick profit and move on to the next cyberattack and the next set of victims. However, this also makes it difficult to track down who orchestrated the attack and who fraudulently used your information.
Those who have questions about their rights after a data breach and what they can do to hold a company responsible for leaking their information should reach out to an experienced data breach lawyer for assistance.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Mercyhurst data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Mercyhurst University (the actual notice sent to consumers can be found here):
Mercyhurst University (“Mercyhurst”) writes to notify you of an incident that may affect the privacy of some of your information. This letter provides details of the incident, our response, and steps you may take to better protect against the possible misuse of your information should you feel it is appropriate to do so.
What Happened? Earlier this year, Mercyhurst discovered suspicious activity in its environment. Upon learning this, Mercyhurst immediately launched an investigation to determine the nature and scope of the activity. The investigation, which was conducted with the assistance of third-party forensic specialists, determined that there was unauthorized access to our environment between January 16, 2022 and May 15, 2022. The investigation also determined that an unauthorized actor had the ability to access certain information stored on the network during this period of time. Therefore, Mercyhurst undertook a comprehensive review of the data at risk to assess if any sensitive information could be affected and to whom it related. On September 16, 2022, Mercyhurst completed this review and determined the data contained certain information related to you.
What Information Was Involved? Mercyhurst determined the type of information potentially impacted by this incident includes your: name, [Redacted].
What We Are Doing. Mercyhurst takes the confidentiality, privacy, and security of information in its care seriously. Upon discovery of the incident, we immediately commenced an investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security.
In an abundance of caution, Mercyhurst is providing you with access to [Redacted] months of credit monitoring and identity protection services through Equifax at no cost to you. A description of the services and instructions on how to enroll can be found within the enclosed Steps You Can Take to Protect Personal Information. Please note that you must complete the enrollment process yourself as we are not permitted to enroll you in these services.
What You Can Do. You can review the enclosed Steps You Can Take to Protect Personal Information for general guidance. In addition, you can enroll in the complimentary credit monitoring and identity protection services being offered through Equifax. We also encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports for suspicious activity.