Posted On November 1, 2022 Consumer Privacy & Data Breaches
On October 25, 2022, Pinnacle Claims Management, Inc. (“PCMI”) filed a notice of a data breach with the Attorney General of California after the company learned that an unauthorized party had gained access to its computer network. While PCMI has not yet publicly disclosed the specific data types that were leaked, based on the company’s business, it is likely that the compromised information consists of consumers’ protected health information and possibly their Social Security numbers. After confirming that consumer data was leaked, PCMI began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the PCMI data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from Pinnacle Claims Management, Inc.
The available information regarding the Pinnacle Claims Management breach comes from the company’s filing with the Attorney General of California. According to this source, on June 26, 2022, PCMI detected unusual activity within its computer system. In response, the company took the necessary steps to secure its systems and then engaged the assistance of a cybersecurity firm to assist with the company’s investigation.
This investigation confirmed that an unauthorized party was able to access the PCMI computer network, and many have accessed files containing sensitive consumer information.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Pinnacle Claims Management began to review the affected files to determine what information was compromised and which consumers were impacted. PCMI completed this process on September 28, 2022. While PCMI does not list the breached information in its most recent data breach letter, based on the company’s business activities, it would appear likely that it resulted in consumers’ protected health information being leaked.
On October 25, 2022, Pinnacle Claims Management sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Pinnacle Claims Management, Inc. is a third-party administrator of health insurance benefits based in Irvine, California. PCMI clients include government entities, manufacturing firms, and private companies. The company helps employers select appropriate health plans and provides administrative support. In addition to its headquarters in Irvine, PCMI operates through a number of other locations throughout California and Arizona. Pinnacle Claims Management employs more than 174 people and generates approximately $81 million in annual revenue.
In 2021, there were more than 320 million victims of data breaches. So far, the number of data breach victims in 2022 seems like it will be on par. Given the frequency with which these breaches occur and the harms that can follow in their wake, it is important that you know what to do in the event your information is leaked in a data breach.
While there are many risks associated with a data breach, perhaps the most common harm associated with a breach is that a hacker is able to steal your identity or sell your personal information to another criminal on the dark web (who uses it to steal your identity). While there is nothing you can do to prevent a data breach, how you respond to the breach can reduce the risk of experiencing identity theft or other frauds.
Below is a list of some of the things you should do after a data breach. However, keep in mind that this is not an exhaustive list, especially if a breach involves highly sensitive information such as your financial account numbers or Social Security number.
The first thing to do after receiving a data breach letter is to carefully review the document to determine whether your information was leaked and, if so, what data was compromised. The letter will also contain important information about how an unauthorized party was able to access your information, what the company has done since then, and whether the company has received any reports of identity theft or fraud from other victims.
While hackers usually attempt to use any stolen information as quickly as possible, they might not always be able to immediately carry out their crimes. This is often the case where a breach only contains limited amounts of information, in which case hackers may need additional information to orchestrate their schemes, which can take time to acquire. Thus, it is imperative that you diligently check all your online accounts to monitor for any suspicious activity.
Credit monitoring is a service that alerts you to any suspicious activity related to your credit account. On average, credit monitoring costs between $20 and $40 per month. However, companies almost always offer victims of a data breach free credit monitoring for a period of time—usually between one to two years. Indeed, PCMI is offering victims of the recent breach 12 months of free credit monitoring. Signing up for credit monitoring is free and provides you with an easy way to keep an eye on your credit profile. Further, signing up for free credit monitoring doesn’t impact your rights to bring a data breach lawsuit against the company that leaked your information if the company was negligent leading up to the breach.
Fraud alerts and credit freezes are free services offered by the major credit bureaus. A fraud alert puts companies that pull your credit on notice that there is reason to believe that someone may be fraudulently using your information. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the PCMI data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Pinnacle Claims Management, Inc. (the actual notice sent to consumers can be found here):
Dear [Redacted],
We are writing to inform you of a recent data security incident experienced by Pinnacle Claims Management, Inc. (“PCMI”) that may have involved some of your information. PCMI provides health benefits administration. You are receiving this notice because your current or former employer’s health plan had a relationship with PCMI. At PCMI, we take the privacy and security of your information very seriously. That is why we are writing to provide you with information about this incident, about steps you can take to help protect your personal information, and to offer you complimentary identity monitoring services.
What Happened? On June 26, 2022, PCMI became aware of unusual activity within its digital environment. Upon discovering this activity, PCMI immediately took steps to secure its network. PCMI engaged leading cybersecurity firms to conduct an investigation to determine whether personal information hosted on its network may have been impacted as a result of the incident. The investigation revealed that an unauthorized actor may have acquired certain PCMI data. On September 28, 2022, we determined that some of your personal information may have been involved in this incident. We have no reason to believe that your personal information has been misused as a result of this incident.
What Information Was Involved? The information impacted in connection with this incident may have included your [Redacted].
What Are We Doing? As soon as PCMI discovered the incident, we took the measures described above and implemented additional security features to reduce the risk of a similar incident occurring the in the future. We are further notifying you of this event and advising you about steps you can take to help protect your information. In addition, out of an abundance of caution, we are offering you complimentary identity monitoring services for 12 months through Kroll, a global leader in risk mitigation and response.
Kroll’s services include 12 months of Credit Monitoring, Web Watcher, Public Persona, Quick Cash Scan, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration.
Please review this letter carefully, along with the guidance included with this letter about additional steps you can take to help protect your information. You can also activate Kroll’s identity monitoring services, which are offered to you at no cost.
How to Activate:
Visit [Redacted] to activate and take advantage of your identity monitoring services. You have until [Redacted] to activate your identity monitoring services. Membership Number: [Redacted]
15525 Sand Canyon Ave Irvine, CA 92618
ELN-15993
[Redacted]
To receive identity monitoring services, you must be over the age of 18 and have established credit in the U.S., have a Social Security number in your name, and have a U.S. residential address associated with your credit file. For more information about Kroll and your Identity Monitoring services, you can visit [Redacted]. Additional information describing your services is included with this letter.
Kroll representatives are available by calling (855) 532-1931 Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time, excluding major U.S. holidays. Please note the deadline to activate is [Redacted]. Please do not discard this letter, as you will need the Membership Number provided above to access services.
We take your trust in us and this matter very seriously and we deeply regret any worry or inconvenience that this may cause you.
