Posted On January 25, 2022 Consumer Privacy & Data Breaches
January 25, 2022 – Recently, Rockingham Mutual Group, Inc., announced a data breach that occurred as a result of a cyberattack on the company’s information technology systems. According to a company news release, on October 2, 2020, Rockingham Mutual Group learned that an unauthorized party attempted to gain access to the company’s network. While Rockingham Mutual Group was unable to confirm that the unauthorized party successfully accessed any consumer information, the compromised servers contained the full names, mailing addresses, birthdates, and Social Security numbers of 52,564 individuals.
Data breaches such as this one can occur in several different ways. However, they are often the result of a hacker or other criminal actor breaching an organization’s IT systems for the purpose of accessing sensitive consumer information in the company’s possession. Often, cybercriminals target those companies that rely on weak or outdated data-security technology.
Once a hacker gains access to consumer data, they will often remove it, possibly to commit identity theft or sell the information to another party. Regardless of who ends up with a consumer’s data, those whose information is compromised in a data breach are much more likely to experience identity theft or fall victim to other serious crimes. Given the risks involved, it is imperative anyone who received a data breach letter from Rockingham Mutual Group, Inc. takes the steps necessary to protect themselves from the risks data breaches such as this one present.
Those who received a data breach letter from Rockingham Mutual Group, Inc. have reason to be concerned. While the fact that someone’s information is compromised doesn’t necessarily mean the unauthorized party will use it for criminal purposes, it is a fairly common occurrence, especially in recent years. In fact, since the beginning of the COVID-19 pandemic, identity theft crimes have become much more common. In many instances, identity thieves obtain the data they need to commit these crimes through a data breach.
Companies have a duty to protect consumer data. If evidence emerges that Rockingham Mutual Group mishandled your sensitive information leading up to the breach, you may be eligible for financial compensation through a data breach lawsuit.
When you provided Rockingham Mutual Group, Inc. with your personal information, you trusted the company to keep your information secure. Certainly, anyone would assume that the company would take whatever precautions were necessary to prevent criminal actors from accessing and removing sensitive consumers data. However, news of the Rockingham Mutual Group, Inc. data breach raises serious questions about the adequacy of the company’s data security measures and, potentially, the company’s ongoing commitment to consumer data privacy.
All businesses in possession of consumer data have an ethical and legal obligation to ensure it remains private. And while creating and maintaining an effective data-security system is a burden for an organization, it is also a necessary cost in an environment where the threat of cyberattacks is ever-present.
United States data breach laws allow affected parties to sue corporations for the misuse or negligent handling of their data. However, these laws are complex, and news of this data breach is very recent. Thus, at this point, there is not yet any evidence suggesting that Rockingham Mutual Group bears responsibility for the breach. However, that may change as our data breach lawyers are looking into the breach to determine what legal remedies affected consumers may have against the Rockingham Mutual Group, Inc.
If you have questions about your ability to bring a class action lawsuit against Rockingham Mutual Group, Inc., it is essential that you contact a data breach attorney as soon as possible.
If you received a data breach letter from Rockingham Mutual Group, Inc., you may be among those whose personal data was compromised in the recent data breach. It also means a total stranger may have accessed, viewed, and retained your sensitive personal information. While there is no telling why someone would want your information or what they might do with it, the situation is concerning. Thus, it is essential you remain vigilant to protect yourself by taking the following steps:
Rockingham Mutual Group, Inc. is an insurance company that serves customers in Virginia and Pennsylvania. Rockingham Mutual Group, Inc. is the parent company of several other insurers, including Rockingham Group, Inc., Rockingham Insurance Company, Rockingham Casualty Company, Rockingham Mutual Service Agency, Inc, and Rockingham Specialty, Inc.
The company provides customers with a wide range of various insurance policies and currently has more than 50,000 policyholders.
According to the most recent data breach letter issued by Rockingham Mutual Group, Inc., on October 2, 2020, the company detected that it was the target of a cybersecurity attack. Rockingham Mutual Group did not elaborate on the nature and cause of the cyberattack. However, through a subsequent investigation, the company learned the unauthorized party gained access to some of the company’s electronic files containing the full names, mailing addresses, birthdates, and Social Security numbers of 52,564 individuals.
More recently, Rockingham Mutual Group, Inc. distributed written notice to all affected parties, informing them of the breach and what they can do to protect themselves. While Rockingham Mutual Group says there is no indication that the unauthorized party used any of the compromised consumer data or intends to do so, the company encouraged those who received a data breach letter to keep a lookout for signs of identity theft by closely monitoring their online accounts and credit reports.
Below is a copy of the initial data breach letter issued by Rockingham Mutual Group, Inc. (a sample of the actual notice sent to consumers can be found here):
Dear [Consumer],
We are writing in order to inform you of an incident that may have exposed your sensitive personal information. We take the security of your personal information seriously and want to provide you with information and resources you can use to protect your information.
What Happened and What Information was Involved:
On October 2, 2020, Rockingham Mutual Group, Inc. (“RMG”) detected that it was the target of a cybersecurity attack. An unauthorized third party attempted to infiltrate RMG’s computer network. Although we have found no evidence that your information has been specifically accessed for misuse, it is possible that your full name, mailing address, birthdate, and social security number could have been exposed.
We maintained this information on our system for standard payroll and organizational purposes.
As of this writing, RMG has not received any reports of related identity theft since the date of the incident (October 2, 2020 – present).
What We Are Doing:
Upon detecting this incident, we moved quickly to initiate our incident response, which included conducting an investigation with the assistance of third-party forensic specialists and confirming the security of our network environment. We have been working with law enforcement to respond to this incident. We have reviewed and altered our policies and procedures relating to the security of our systems and servers, as well as our information life cycle management.
We value the safety of your personal information and are therefore offering two years of credit monitoring and identity theft protection services through IDX, which include:
Single Bureau Credit Monitoring – Monitoring of credit bureau for changes to the member’s credit file such as new credit inquires, new accounts opened, delinquent payments, improvements in the member’s credit report, bankruptcies, court judgments and tax liens, new addresses, new employers, and other activities that affect the member’s credit record.
CyberScan – Dark Web monitoring of underground websites, chat rooms, and malware, 24/7, to identify trading or selling of personal information like SSNs, bank accounts, email addresses, medical ID numbers, driver’s license numbers, passport numbers, credit and debit cards, phone numbers, and other unique identifiers.
Identity Theft Insurance – Identity theft insurance will reimburse members for expenses associated with restoring their identity should they become a victim of identity theft. If a member’s identity is compromised, the policy provides coverage for up to $1,000,000, with no deductible, from an A.M. Best “A-rated” carrier. Coverage is subject to the terms, limits, and/or exclusions of the policy.
Fully-Managed Identity Recovery – IDX’s fully-managed recovery service provides restoration for identity theft issues such as (but not limited to): account creation, criminal identity theft, medical identity theft, account takeover, rental application, tax fraud, benefits fraud, and utility creation. This service includes a complete triage process for affected individuals who report suspicious activity, a personally assigned ID Care Specialist to fully manage restoration of each case, and expert guidance for those with questions about identity theft and protective measures.
With this protection, IDX will help you resolve issues if your identity is compromised.
