Posted On December 22, 2022 Consumer Privacy & Data Breaches
December 22, 2022 – After learning that an unauthorized party could access confidential student information stored in its computer network, P2 Energy Solutions filed notice of a data breach with the Maine Attorney General on December 19, 2022.
According to the filing, an unauthorized party gained access to sensitive consumer information like names and Social Security numbers. Once it was confirmed that there was a data leak, P2 sent out notification letters to all 62,874 individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the P2 data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from P2.
P2 Energy Solutions is a software and business services company that develops software for the gas and oil industry. They also offer various services to gas and oil companies, like financial accounting and geospatial data services, as well as handling the implementation of application, Tobin’s custom mapping, application outsourcing, ERP systems integration, and outsourcing. It operates its branches in many states throughout the United States, such as Arkansas, California, Delaware, Georgia, Arizona, Ohio, Texas, South Carolina, Pennsylvania, and Illinois. Originally founded in 1999 in Denver, CO, P2 now employs over 623 people and generates approximately $130 million in revenue annually.
According to its filing with the Attorney General of Maine, P2 detected suspicious activity on its computer network on November 17, 2022. P2 attempted to secure its network. On December 16, 2022, P2 discovered that sensitive consumer data was, in fact, exposed to a third party. After learning that the computer network was accessed by an unauthorized party, P2 launched an investigation into the breach and discovered that sensitive consumer data was, in fact, exposed to a third party between November 8, 2022 and November 17, 2022. The next step was to review the files and determine what information was made available. The types of information exposed were first and last names, and Social Security numbers. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 19, 2022, P2 sent out letters to all individuals whose sensitive information had been compromised. Per the Maine Attorney General’s “Data Breach Notifications” page, the data breach affected 67,874 people across the U.S.
There are quite a few different things that a criminal can do with a Social Security number. Nearly everyone in the United States has a Social Security number; businesses even use SSNs for many reasons. If a criminal were to get their hands on one, they can easily commit identity theft.
Though many people think that making charges in their name is the worst thing that can happen when someone gets their SSN, that’s really just the surface of it. Criminals are always looking for new ways to steal SSN and use them to make money.
Other than making fraudulent charges on credit cards that you already own, hackers can also open new cards and apply for loans under a victim’s name. Applying for these things online is easy because they don’t need much more than basic information. The only things really needed to apply for a credit card are a Social Security number, name, and date of birth. A quick search online can get them the rest of the information easily.
Hackers can also use a SSN to apply for benefits under a victim’s identity, like disability. If that person already receives public benefits, criminals can reroute the money to go into their accounts. Public Benefit Fraud is a challenge to fix because of all the steps in the process, so it can end up taking a significant amount of time before it’s resolved.
Tax refund fraud is a type of identity theft that involves fraudulently filing a tax return with the IRS with the aim to steal a victim’s tax refund before they file their real return. It’s hard to determine when someone has been a victim of tax refund fraud. It’s only when the state rejects the return because it has technically already been filed that people realize it. The best way to prevent tax refund fraud is to file a tax return to the IRS as soon as possible to stop hackers before they even attempt it.
It isn’t just credit cards and loans that a hacker can open in a victim’s name. They can also open utility or cell phone accounts under their name. The Federal Trade Commission reports that 13 percent of all fraud incidents in 2016 was cell phone and utility account fraud. They would only need your name, Social Security number, and address, which can easily be obtained, to open one in your name.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the P2 data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a copy of the initial data breach letter issued by P2 Energy Solutions (here is the actual notice sent to consumers) :
P2 Energy Solutions is committed to protecting the confidentiality and security of the information we maintain. We are writing to notify you that we identified and addressed an incident that involved some of your information. We maintain your information because we provide accounting and land management software services to various customers in the oil and gas industry. This notice explains the incident, measures we have taken, and additional steps you may consider taking in response.
What Happened? We identified suspicious network activity on November 17, 2021. Upon discovery, we initiated our incident response plan, and took proactive steps to secure our network. On December 16, 2021, we received information that an unauthorized party may have accessed our network. We commenced an investigation and determined that an unauthorized party accessed and acquired certain files from our network between November 8, 2021 and November 17, 2021.
What Information Was Involved? P2 reviewed these files to identify the involved individuals. This process was time and labor-intensive, but P2 wanted to be certain about what information was involved and to whom it pertained. On October 15, 2022, we determined that one or more file(s) contained your name and [Redacted].
What We Are Doing. We implemented additional security measures to enhance the security of our network and we are continuing to train our employees concerning data security. We also arranged for a company called “IDX” to provide identity monitoring at no cost to you for [Redacted]. IDX identity protection services include [Redacted] of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.
What You Can Do. We encourage you to remain vigilant against the possibility of fraud and identity theft by reviewing your financial account statements and credit reports for any unauthorized activity. If you see charges or activity you did not authorize, please contact the relevant financial institution immediately. You can also sign up for the free credit monitoring services through IDX by calling (833) 814-1790 or going to [Redacted] and use the Enrollment Code provided above. Please note the deadline to enroll is March 19, 2023. For more information on identity theft prevention, please see the pages following this letter.
For More Information. If you have any questions, please call (833) 814-1790, Monday through Friday, between 8:00 am and 8:00 pm, Central Time.