Posted On November 21, 2022 Consumer Privacy & Data Breaches
On November 8, 2022, Simmons Bank filed notice of a data breach with the Attorney General of California after the company learned that one of its vendors, Mayer Brown, experienced a data breach related to one of its vendors, AMS Collaborator. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, addresses, Social Security numbers, and driver’s license numbers. After confirming that consumer data was leaked, Simmons Bank began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification, it is essential you understand what is at risk. The data breach lawyers at Console & Associates, P.C. are actively investigating the Simmons Bank / Mayer Brown / AMS Collaborator data breach on behalf of people whose information was exposed. As a part of this investigation, we are providing free consultations to anyone affected by the breach who is interested in learning more about the risks of identity theft, what they can do to protect themselves, and what their legal options may be to obtain compensation from the responsible party.
The available information regarding the Mayer Brown / AMS Collaborator breach comes from the Simmonds Bank filing with the Attorney General of California. According to this source, on September 21, 2022, Mayer Brown reached out to Simmons Bank to inform the bank that one of its third-party vendors, AMS Collaborator, experienced a data breach after an unauthorized party was able to access the company’s computer network. Evidently, Mayer Brown used AMS Collaborator’s file-sharing service, which was compromised in the AMS Collaborator breach. No further details were reported regarding what led up to the breach.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Simmons Bank began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, Social Security number, and driver’s license number.
On November 8, 2022, Mayer Brown sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Established in 1903, Simmons Bank is a regional bank based in Pine Bluff, Arkansas. Simmons Bank has roughly $27 billion in assets under management and operates several smaller financial institutions, including Southwest Bank, First South Bank, Delta Trust, Metropolitan National Bank, and Citizens National Bank. Simmons Bank employs more than 2,800 people and generates approximately $828 million in annual revenue.
Founded in 1881, Mayer Brown is a law firm and a global services provider based in Boston, MA. Mayer Brown employs more than 4,232 people and generates approximately $719 million in annual revenue.
AMS Collaborator is a software company based in Salem, Oregon. The company’s premier product is a secure file-sharing service.
Under United States consumer protection laws, any organization responsible for leaking consumer information may be liable through a data breach lawsuit. However, just because a breach occurred and your information was compromised doesn’t necessarily mean that the company you trusted with your information is financially responsible to you for any harm. As a general rule, only those companies that were negligent leading up to a breach are financially liable for victims’ harms.
While all data breach lawsuits are complex, third-party data breaches are especially so. The term third-party data breach describes an incident where the company that was targeted in the cyberattack is not the same organization that was initially entrusted with the leaked information. In this case, you entrusted Simmons Bank with your information, but the breach occurred at AMS Collaborators, a vendor selected by Mayer Brown.
Determining which company is liable for the data breach can be challenging, and consumers whose information was leaked may not know where to look for answers. However, generally speaking, any company that maintains, stores, transmits or receives consumer data has a legal obligation to the consumer—regardless of whether the company that was breached received the information directly from a consumer. In fact, for the most part, it does not matter how a company comes into possession of consumer data. Instead, the question is whether the company that was hacked or otherwise leaked the information was negligent.
In the case of the Simmons Bank data breach, it would appear that Simmons Bank did not experience a breach and, therefore, is not likely responsible for consumers’ information being compromised. However, because these companies trusted Mayer Brown and AMS Collaborators, these companies accepted a duty to protect your information. Thus, in third party data breaches such as this one, it is the breached entity that is most often liable to consumers.
At Console & Associates, P.C., our consumer privacy lawyers monitor all security and data breaches to help affected consumers pursue their legal remedies. We offer free consultations to victims of data breaches and can explain your rights in clear, understandable terms so you can make an informed decision about how to proceed with your case. If you’ve been affected by the Mayer Brown data breach or any other data security incident, Console & Associates, P.C., will investigate your case at no charge and offer you thorough advice about how to most effectively proceed with your case. If you decide to bring a case, we only get paid if you do. If your claim is successful, any legal fees are either paid by the defendant or come out of the funds recovered from the defendant. If your claim doesn’t result in a recovery, you will pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by Mayer Brown (the actual notice sent to consumers can be found here):
Dear [Redacted],
Simmons Bank is committed to protecting the security and privacy of its customers’ information. As part of that commitment, we work to identify potential security concerns and take appropriate responsive actions to protect customer privacy.
What happened? On September 21, 2022, Simmons Bank was informed by its vendor, Mayer Brown LLP, of a cybersecurity incident affecting Mayer Brown’s vendor, AMS Collaborator, which provides a file sharing service. Unfortunately, certain customer data may have been accessed and/or acquired by an unauthorized third party during this incident.
What information was involved? The information involved may include your name, address, Social Security number, and/or Driver’s License number.
What are we doing? Out of an abundance of caution, we have arranged a complimentary 12-month credit monitoring and identity theft subscription provided by Experian.
To activate your subscription and start monitoring your personal information, please follow the steps below:
[Redacted]
What can you do? We understand you may have concerns about this incident. To that end, we have included further information about identity theft or fraud in the “Additional Resources” guidance enclosed with this letter. This section includes recommendations by the Federal Trade Commission regarding identity theft protection and details on how to place a fraud alert or a security freeze on your credit file.
We take the privacy and security of your information very seriously. We sincerely regret any inconvenience this matter may cause you and will continue to work to ensure the protection of your personal information, including when it is held by third-party vendors. Should you have questions or concerns regarding this matter, please do not hesitate to call 1-877-890-9162.
