Posted On December 28, 2022 Consumer Privacy & Data Breaches
December 28, 2022 – After a ransomware attack that exposed sensitive consumer information in their possession, IBW Financial Corporation filed notice of a data breach with the Montana Attorney General’s office on December 23, 2022. According to the filing, an unauthorized party gained access to consumer information such as full names, dates of birth, driver’s license or state identification numbers, addresses, Social Security numbers, financial account numbers, and health insurance information. Once confirmed that there was a consumer data leak, IBW sent out notification letters to all individuals affected by the data security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the IBW data breach. If you have received a breach notification and are interested in learning about the risks of identity theft and what you can do to protect yourself, we are offering free consultations where we can discuss your legal options for receiving compensation from IBW.
The IBW Financial Corporation is a holding company for Industrial Bank, a financial institution that offers various services, like credit cards, mortgage loans, and checking and savings accounts. Originally founded in 1934, Industrial Bank now has eight branches located in Ozon Hill, MD; Halsey Street, NJ; Newark, NJ; Harlem, NY; and three branches in Washington, D.C. Industrial Bank employs over 128 people and generates approximately $34 million in revenue annually.
According to its filing with the Attorney General of Montana, IBW determined that it had been the target of a ransomware attack when it realized that an unauthorized party had gained access to an employee email account on September 30, 2021. The company does not reveal further details on how the incident came to be. The company began working with a third-party cybersecurity company to investigate the attack and determine what consumer information had been leaked.
After learning that the consumer data was exposed to a third party, IBW’s next step was to review the files and determine what information was made available. The types of information exposed were full names, dates of birth, driver’s license or state identification numbers, addresses, Social Security numbers, financial account numbers, and health insurance information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On December 23, 2022, IBW Financial Corporation sent out letters to all individuals whose sensitive information had been compromised.
If you receive a notice of a data breach from IBW Financial Corporation, it means your personal information was included in the data breach. Your name, birth date, Social Security number, and driver’s license number are now in the hands of an unknown party.
Data breaches are becoming more common, with recent reports indicating that, in the second half of 2022, data breaches increased by over 50% more than in the same time period the previous year.
As a result, consumers should be aware of the steps to take should their information be leaked in a breach. This list is not comprehensive, and if your financial accounts or Social Security number has been leaked, you may want to take additional steps.
Companies are required by U.S. data breach laws to inform victims any time their information has been compromised by an unauthorized party. The first thing to do is carefully read the letter if one has been sent to you. Pertinent information on the attack is in these letters, like how your information was accessed, what the company is doing to protect your data in the future, and whether anyone else affected has been the victim of fraud or identity theft. Read the data breach letter carefully to get all the information and use it to determine your next steps.
Hackers tend to move fast once the information is in their hands. If they wait too long, they allow victims to close and freeze accounts before the information can be used criminally. Sometimes, however, hackers do not get all the information required in the breach and have to obtain additional information from other sources, so they may not use it immediately. That is why monitoring your accounts for a few months after the breach is imperative.
Credit monitoring will alert you of any suspicious activity on your accounts. Services like this typically cost between $20 to $40 a month. Industrial Bank offers this service free of charge to all breach victims. Take advantage of the service and use it to keep an eye on your accounts for months after the initial breach. Taking a company’s offer for free credit monitoring does not affect your right to bring a lawsuit against the company for a data breach if evidence of negligence has been found.
Unlike credit monitoring, credit freezes and fraud alerts are services the major credit bureaus provide for free. A fraud alert will inform companies checking your credit that someone may be attempting to use your information for their own purposes. A credit freeze stops companies from checking your credit without approval from you. While a credit freeze may seem extreme, the Identity Theft Resource Center reports that it is the most effective way to prevent fraud after your personal information has been leaked.
Any time your information is compromised by a data breach, it is wise to change all passwords for online accounts. Don’t just change the passwords for accounts that were breached, change all of them. Hackers may be able to obtain further information using other online accounts of yours.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the IBW Financial Corporation data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a copy of the initial data breach letter issued by IBW Financial Corporation (here is the actual notice sent to consumers):
Dear [Redacted],
IBW Financial Corporation is writing to notify you of an incident that may affect the security of some of your information. While we are not aware of any actual or attempted misuse of your information, we are providing you with an overview of the incident, our ongoing response, and resources available to you to help protect your information, should you feel it is appropriate to do so.
What Happened? On September 30, 2021, IBW Financial Corporation became aware that an employee’s computer was subject to unauthorized access. We immediately launched an investigation with the assistance of third-party computer specialists to determine the nature and scope of the event. The investigation determined that the employee’s computer was subject to unauthorized access on September 30, 2021 for a period of several minutes. During this time period, the unauthorized actor opened certain files stored on the affected computer, although the investigation was unable to determine the extent of information within each file that may have been viewed, or if any individuals’ specific information was actually viewed. Upon this discovery we began a detailed review of the accessed files to determine what information was contained therein. On October 19, 2022, our review was complete and we determined that the files contained information relating to certain individuals, including you.
What Information Was Involved? Although we have no evidence that your specific information was actually accessed or viewed without permission, we are providing you this notification in an abundance of caution. The following types of your information may have been affected by this incident: your name and [Redacted].
What We Are Doing. Upon discovery of this incident, we launched an investigation with the assistance of third-party forensic investigators to determine the full nature and scope of the unauthorized activity, and worked to increase the security of our systems. As part of our ongoing commitment to the privacy of information in our care, our policies and procedures are being reviewed and enhanced where possible, additional safeguards have been implemented, and additional workforce training is being conducted to reduce the likelihood of a similar event in the future.
As an added precaution, we are also offering you twenty-four (24) months of complimentary access to credit monitoring services through Epiq. Individuals who wish to receive these services must enroll by following the enrollment instructions found in the enclosed Steps You Can Take to Protect Personal Information.
What You Can Do. We encourage you to remain vigilant against incidents of identity theft and fraud by reviewing your account statements and monitoring your free credit reports for suspicious activity and to detect errors over the next 12 to 24 months. You may also review the enclosed Steps You Can Take To Protect Personal Information for additional guidance to better protect against the possibility of identity theft and fraud. We also encourage you to enroll in the complimentary credit monitoring services we are offering you.
For More Information. We understand that you may have questions about this incident that are not addressed in this letter. If you have questions or need assistance, please call 877-642-8901 Monday through Friday from 9:00 am to 9:00 pm EST.
