Posted On December 22, 2022 Consumer Privacy & Data Breaches
December 22, 2022 – After learning that an unauthorized party could access confidential student information stored in its computer network, Order Express, Inc. filed notice of a data breach with the California Attorney General on December 15, 2022.
According to the filing, an unauthorized party gained access to sensitive consumer information like names and Social Security numbers. Once it was confirmed that there was a data leak, Order Express sent out notification letters to all 63,220 individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Order Express data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from Order Express, Inc.
Order Express, Inc. is a financial services company that offers services such as check cashing, money transfer, small loans, money orders, and related services, like bill paying services and selling plane tickets. It operates its branches in many states throughout the United States, such as Arkansas, California, Delaware, Georgia, Arizona, Ohio, Texas, South Carolina, Pennsylvania, and Illinois. Originally founded in 1993 in Chicago, IL, Order Express now employs over 130 people and generates approximately $43 million in revenue annually.
According to its filing with many attorney general offices in states like Maine, Massachusetts, and Montana, Order Express determined that an unauthorized party had breached its computer network on September 27, 2022. After investigating unusual activity on its computer network and discovering a possible cyberattack, Order Express worked with a third-party company specializing in cybersecurity to look into the incident.
After learning that the computer network was accessed by an unauthorized party between July 29, 2022 and September 7, 2022, Order Express discovered that sensitive consumer data was, in fact, exposed to a third party. The next step was to review the files and determine what information was made available. The types of information exposed were first and last names, and Social Security numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 15, 2022, Order Express sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from Order Express, it means your personal information was included in the data breach. Your personal information may have been accessed by hackers who use the information to commit a range of crimes, including identity theft. After a data breach, it can be difficult to find the hackers responsible. Whether the hackers are found or not, they might not be the only ones responsible for the data breach. They may have been the ones committing the crime, but according to U.S. data breach laws, victims may be able to receive financial compensation by the company that was the target of the leak.
Though companies, like Order Express, Inc., are considered victims of the attack as well, they are also the ones responsible for defending such sensitive information from the cyberattacks. State and federal laws claim that companies have to take certain precautions regarding consumer information and can be considered negligent if those precautions are not taken.
Such precautions include:
Under U.S. data breach laws, the companies that store data have a responsibility to ensure the security of consumer information. If they have been breached and that data has been accessed by unauthorized parties, they may be held financially responsible. The situation isn’t always black and white concerning the laws of responsibility following a breach. That is why you should pursue legal assistance in the event of a breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Order Express data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Order Express, Inc. (here is the actual notice sent to consumers):
Dear [Redacted],
Order Express, Inc. (“Order Express”) writes to notify you of an incident that may affect the privacy of certain information provided to us. We take this incident seriously and are providing you information about the incident, our response, and resources we are making available to you in an abundance of caution.
What Happened? On September 7, 2022, we discovered unusual activity on our computer network and immediately began an investigation, which included working with third-party specialists. The investigation determined an unknown party accessed parts of our computer network without authorization between July 29, 2022 and September 7, 2022. Therefore, we conducted a review of our network to determine the type of information contained therein and to whom the information related. On November 18, 2022, we completed our review and began confirming address information for potentially impacted individuals.
What Information Was Involved? The information identified in our review included identification information you may have provided to us, including your name in combination with one or more of the following: [Redacted].
What Are We Doing? In response to this incident, we conducted an investigation and took additional steps to further secure our network. Additionally, in an abundance of caution, we are offering you access to [Redacted] months of complimentary credit monitoring and identity protection services.
What You Can Do. We encourage you to enroll in the credit monitoring and identity protection services we are making available to you at no cost. Information about how to enroll in these services and additional resources available to you is included in the attached Steps You Can Take to Help Protect Your Information.
For More Information. If you have questions about this matter, we have established a dedicated assistance line, which can be reached at 1-833-896-6512, Monday through Friday, 8 a.m. to 8 p.m. Central Time. You may also write to us at 685 W. Ohio Street, Chicago, IL 60654.
We sincerely regret any concern this incident may cause you. The privacy and security of information is important to us, and we will continue to take steps to protect information in our care.
