Posted On January 11, 2023 Consumer Privacy & Data Breaches
January 11, 2023 – Elevate Services, Inc. filed notice of a data breach with the Attorney General of California on December 28, 2022 after discovering that consumer information had been leaked in a ransomware attack. According to the filing, information accessed included consumers’ first and last names, Social Security numbers, dates of birth, medical history, claims history, compensation information, and addresses. Once Elevate confirmed the data breach, the company sent notification letters to all victims of the breach.
The investigation by data breach lawyers at Console & Associates, P.C. into the breach at Elevate Services, Inc. is ongoing. We offer free consultations to individuals affected by the ransomware attack to learn about their options going forward and whether they can pursue a lawsuit for damages in the form of financial compensation from Elevate.
Elevate Services, Inc. is a business services company providing technological support, consulting services, and other services to law departments, law firms, and lawyers. Originally founded in 2011 in Los Angeles, California, Elevate now employs more than 1,240 people and annually generates approximately $87 million in revenue.
According to filings with the Attorney General of California, Elevate became aware of the breach on March 14, 2022 when the company discovered that its computer systems were encrypted. After ensuring security on its computer systems and informing law enforcement, Elevate investigated the attack to determine what, if any, information had been leaked.
The investigation revealed that, on March 5, 2022, its computer system had been accessed by an unauthorized party and that consumer information, such as first and last names, Social Security numbers, dates of birth, medical history, claims history, compensation information, and addresses had been leaked. The unauthorized party retained access until March 15, 2022.
On December 28, 2022, Elevate sent out data breach notification letters to all individuals who were affected by the leak.
If you’ve received a data breach notification letter from Elevate Services, Inc., then your information might be in the hands of a hacker looking to commit crimes with your information. One of the most common crimes that can be committed with the information leaked is identity theft. Learn how you can mitigate the impact of identity theft, and maybe even prevent it, with the steps listed below. This list is not comprehensive, and you may wish to take additional steps.
The letter sent by Elevate Services, Inc. contains information pertinent to the breach. Some of the information included may be whether anyone affected by the attack has been hit with identity theft or fraud. It may also include specifics about the attack, like how it happened, and what the company is doing to prevent such attacks in the future.
Hackers try to use the information they receive immediately and not give victims the chance to close out or freeze any accounts. However, there’s a chance that they don’t yet have all the information needed to commit the crimes they’re looking to commit. They might hold onto the information longer and use it at a future time when they have all the information they need. For that reason, you should continue to monitor your credit reports and financial accounts long after you think it’s necessary to. It could be weeks or even months after the leak that your information gets used.
Fraud Alerts and a Credit Freeze are services that are free of charge from the major credit bureaus. You should take advantage of these free services that have proven to stop criminals from using your information. A fraud alert will generally alert companies checking your credit that someone is attempting to commit fraud with your information. A credit freeze will stop any company from checking your credit at all without approval from you.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Elevate Services, Inc. data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a portion of the letter sent out to affected individuals:
Elevate Services, Inc. (“Elevate”) is writing to inform you of a recent data security event that may involve some of your information. Among other services and technology offerings, Elevate provides legal support services to law firms and insurance companies handling personal injury claims. Your medical records were being reviewed in connection with a personal injury claim. Although we are unaware of any actual misuse of your information, we are providing you with information about the event, our response, and steps you may take to better protect against the possibility of identity theft and fraud, should you feel it is necessary to do so.
What Happened? On March 14, 2022, we became aware that certain computer systems in our environment were inaccessible as a result of malicious file encryption. We immediately took steps to secure our systems and launched an investigation to determine the full nature and scope of the event. We also promptly notified federal law enforcement.
Through our investigation, we determined that an unknown actor gained access to a limited number of our systems between March 5, 2022 and March 15, 2022, and certain files on those systems were accessed and downloaded by the unknown actor. The investigation was unable to determine which specific files within those systems were actually impacted.
Therefore, in an abundance of caution, we performed a comprehensive review of the contents of the affected systems to determine what information could have been contained in the impacted files and to whom the information related. Upon completion of the review, we then conducted a manual review of our records to confirm the identities of individuals potentially affected by this event and the Elevate customers with whom they were associated. The review was recently completed.
What Information Was Involved? Although the investigation could not determine the specific impacted files, the following types of information relating to you were present on our systems during the event: your name, address, date of birth, personal injury claim and/or legal documentation, partial or full medical history, medical billing history, Social Security number, driver’s license number, and employment information and/or compensation information.
What We Are Doing. We take this event, and the security of information, very seriously. Upon becoming aware of the event, we immediately took steps to secure our systems. We also conducted an investigation to confirm the nature and scope of the activity and determine who may be affected. Additionally, while we have safeguards in place to protect data in our care, we further enhance our technical and administrative processes as part of our ongoing commitment to data security. As an additional precaution, we are offering complimentary credit monitoring and identity restoration services for twelve (12) months through Kroll.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and monitor your credit reports for suspicious activity and to detect errors. You may also review the information contained in the enclosed Steps You Can Take to Protect Personal Information. There you will find more information on the credit monitoring and identity restoration services we are making available to you. While we will cover the cost of these services, you will need to complete the activation process. Enrollment instructions are enclosed with this letter.
For More Information. If you have additional questions, please call our dedicated assistance line at [Redacted], Monday through Friday, 9:00am to 6:30pm Eastern Standard Time (except U.S. holidays). You may also write to Elevate at 2375 E. Camelback Rd., Suite 690, Phoenix, AZ 85016.