Posted On November 17, 2022 Consumer Privacy & Data Breaches
On November 14, 2022, Middletown Valley Bank (“MVB”) filed notice of a data breach with the Attorney General of Montana after the company determined that an unauthorized party was able to access sensitive information belonging to certain bank customers. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, financial account numbers, Social Security numbers, driver’s license numbers, passport numbers, and other information provided to Middletown Valley Bank when applying for products or services. After confirming that consumer data was leaked, Middletown Valley Bank began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Middletown Valley Bank data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Middletown Valley Bank.
The information regarding the Middletown Valley Bank breach comes from the Montana Attorney General’s “Reported Data Breach Incidents” web page, which provides a listing of all reported breaches. According to this source, on around October 1, 2022, Middletown Valley Bank learned of a potential data security incident. While the bank doesn’t discuss what led to this determination, in response, it shut down parts of its computer network and launched an internal investigation into the incident.
As a result of this investigation, Middletown Valley Bank learned that an unauthorized party was able to gain access to its computer network on October 1, 2022. The investigation also revealed that some of the files that were accessible to the unauthorized party contained sensitive information related to bank customers.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Middletown Valley Bank began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, financial account numbers, Social Security number, driver’s license number, passport number, and other information provided to the bank for purposes of applying for products or services.
On November 14, 2022, Middletown Valley Bank sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Middletown Valley Bank is a regional bank located in Boonsboro, Maryland. The bank offers its customers the traditional products and services of a financial institution, including personal banking, business banking and residential mortgage services. Middletown Valley Bank operates nine locations throughout Maryland, including in Oakland, Hagerstown, Middletown, Waynesboro, Myersville, Boonsboro and Jefferson. Middletown Valley Bank employs more than 84 people and generates approximately $28 million in annual revenue.
Data breaches involve a hacker accessing your personal information with the intent of using your stolen data for their own benefit. While hackers will sometimes use the data they obtain themselves, more often, they sell it to another criminal on the dark web. Once a criminal has your information in their possession, they can use it to carry out a wide range of frauds, including identity theft. Given the risks involved with a data breach, it is important victims of a breach understand what they can do to protect themselves.
One important thing to realize when thinking about how to reduce the risk of identity theft in the wake of a data breach is that, by the time you get a data breach letter, it’s often been months since hackers first obtained your information, giving them a significant head start. However, the good news is that there are still steps you can take to limit these risks.
Below is a list of things that all data breach victims should consider doing as soon as possible. Keep in mind that this is not an exhaustive list, and you may want to take additional steps if your Social Security number or financial account numbers were leaked in the breach.
After a data breach, companies must report the incident to those who were affected as well as to any state where victims of the breach live. The first thing to do after receiving a data breach letter is to carefully review the document to determine whether your information was leaked and, if so, what specifically was compromised. Data breach letters also contain important information about how the unauthorized party accessed your information, what the company has done since then, and whether there have been any reports of identity theft or fraud from other victims.
Hackers generally try to use any stolen information as quickly as possible. This ensures that victims of the breach don’t have the opportunity to close their accounts or otherwise limit hackers’ ability to use the information. However, hackers might not always be able to immediately carry out their crimes if a breach only involves limited amounts of information. In these cases, hackers need additional information to carry out their crimes, which can take time to acquire. Because of this, it may not be until weeks or months after a breach that hackers can use the stolen information. Therefore, it is imperative that you frequently check all your online accounts to monitor for any suspicious activity.
Credit monitoring is a service that alerts you to any suspicious activity related to your credit account. On average, credit monitoring costs about $20 to $40 per month. However, companies almost always offer victims of a data breach free credit monitoring for a period of time—usually between one to two years. Indeed, Middletown Valley bank indicates that it will be providing victims of the breach with this service for 12 months. Signing up for credit monitoring is free and provides you with an easy way to keep an eye on your credit profile. Moreover, signing up for free credit monitoring doesn’t impact your rights to bring a data breach lawsuit against the company that leaked your information if the company was negligent leading up to the breach.
Fraud alerts and credit freezes are free services provided by the major credit bureaus. A fraud alert puts companies that pull your credit on notice that there is reason to believe that someone may be fraudulently using your information. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly stated that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
Taking these steps can reduce the chances of falling victim to identity theft. However, even with prompt remedial action, you may not be able to avoid a criminal fraudulently using your information. A data breach lawyer can help you understand your rights and, when appropriate, pursue a claim against an organization that leaked your information.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Middletown Valley Bank data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Middletown Valley Bank (the actual notice sent to consumers can be found here):
Dear [Redacted],
Middletown Valley Bank and our subsidiary, Millennium Financial Group, Inc. (Mlend), understand the importance of securing the information we maintain. We are writing to provide an update regarding the security incident we first reported on October 3, 2022. This notice explains the incident, measures we have taken, and steps you can take in response.
Middletown Valley Bank, working with its technology service provider, first identified and began taking measures to address a security incident on October 1, 2022. That day, we shut down parts of our network and used new devices with an additional security tool installed to restore our network from backups. An investigation was immediately started. The investigation identified unauthorized access to files on a server that occurred on October 1, 2022. Upon review of the content of the files, on October 26, 2022, we determined that the files may have contained your name and one or more of the following: financial account number, Social Security number, driver’s license number, passport number, or other information provided to MVB by customers when applying for products or services. There was no unauthorized access to bank accounts, online banking credentials, debit card numbers or PIN numbers.
We have arranged for a company called “IDX” to provide identity monitoring at no cost to you for one year. IDX identity protection services include: one year of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.
We encourage you to contact IDX with any questions and to enroll in free identity protection services by calling 1-833-896-5566 or going to [Redacted] and use the Enrollment Code provided above. Please note the deadline to enroll is February 14, 2023. For more information on identity theft prevention, please see the pages following this letter.
We regret that this occurred and apologize for any inconvenience. We are implementing additional measures to further strengthen our existing security measures. If you have any questions, please call 1-833-896-5566, Monday through Friday, from 9:00 a.m. to 9:00 p.m., Eastern Time.
