Posted On January 27, 2023 Consumer Privacy & Data Breaches
January 27, 2023 – Lutheran Social Services of Illinois filed a data breach notice with the Maine Attorney General on January 25, 2023 after learning of a ransomware attack on the company’s computer network. According to the filing, an unauthorized party gained access to sensitive consumer information like first and last names, Social Security numbers, dates of birth, driver’s license numbers, medical information, financial account information, health insurance information, and biometric information. Once the data leak was confirmed, Lutheran Social Services sent notification letters to all 184,183 individuals affected by the security breach.
The data breach lawyers at Console & Associates, P.C. are actively investigating the Lutheran Social Services data breach. If you are one of the victims of the data breach and want to know more about how you can protect yourself, we are offering free consultations where we can discuss your legal options for receiving financial compensation from Lutheran Social Services. If you recently received a NOTICE OF DATA BREACH from COMPANY, contact us at (866) 778-5500 to discuss your legal options, or submit a confidential contact form for a free case evaluation.
Lutheran Social Services of Illinois is a non-profit organization that provides services such as home care for seniors, mental health and addiction services, affordable housing, prisoner ministry services, and programs for the developmentally and intellectually disabled. Originally founded in 1867, Lutheran Social Services now employs over 741 people and generates approximately $69 million in revenue annually.
According to its filing with the Attorney General of Maine, Lutheran Social Services discovered a ransomware attack on January 27, 2022. The company sought help from a third-party cybersecurity firm in investigating the attack.
Lutheran Social Services confirmed the ransomware attack happened between December 31, 2021 and January 27, 2022 and that confidential consumer information had been accessed. The types of information exposed were consumer information like first and last names, Social Security numbers, dates of birth, driver’s license numbers, medical information, financial account information, health insurance information, and biometric information. While not consistent with each individual, any or all of the information listed may have been leaked due to the attack.
On January 25, 2023, Lutheran Social Services sent notification letters informing all affected individuals of the attack and that their information had been compromised.
A ransomware attack is a type of cyberattack in which hackers install malicious software, or malware, on a company’s computer network. This software encrypts the data and bars the company from accessing its own information. Encryption is when files on the system are encoded, and only those who have the means to decode them have access.
It is called ransomware because hackers will leave a message for the company to pay a fee for access to its files again, a ransom. If the fee is paid, usually the files will be decrypted, and that will be the end of the attack.
However, some hackers employ a much more malicious threat to ensure that the company pays for the files back. If the company has backups of the files, they don’t really have an incentive to pay the fee. So, hackers will threaten to actually release the information onto the dark web if the company doesn’t pay the ransom. This technique is called “double extortion.”
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the Lutheran Social Services of Illinois data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
To schedule your free consultation, just call (866) 778-5500 today or fill out our secure contact form.
Below is a portion of the letter sent to affected individuals:
Dear [Redacted],
The privacy of your personal information is of utmost importance to Lutheran Social Services of Illinois (LSSI). We are writing to provide you with important information about an incident which involves the security of some of your personal and health information that was supplied to us. We want to provide you with information regarding the incident, and explain the services we are making available to help safeguard your information against potential identity fraud. We also are providing additional steps you can take to further protect your information.
What Happened?
On January 27, 2022, LSSI discovered its network had been affected by a ransomware attack.
What We Are Doing.
Upon learning of this issue, we contained the threat by disabling and isolating the affected systems, and immediately began a prompt and thorough investigation. As part of our investigation, we worked very closely with external cybersecurity professionals experienced in handling these types of incidents. We also notified law enforcement and appropriate state and federal regulatory agencies about the incident. After an extensive forensic investigation and comprehensive review of all the data impacted, on December 28, 2022, we discovered that certain personal information maintained on our systems was potentially accessed by an unauthorized party from December 31, 2021 to January 27, 2022. At that time, we began a process to notify the individuals potentially affected by this incident.
What Information Was Involved?
The potentially accessed information include your [Redacted].Please be assured, at this time, LSSI has no evidence that information involved in this incident has been used for identity theft or financial fraud.
What You Can Do. We have taken all available measures to protect your information upon discovering this incident, including reviewing and revising our information security practices, and bolstering our existing security to reduce the chance of a future incident.
To further protect your information, we are providing you access to Single Bureau Credit Monitoring/Single Bureau Credit
Report/Single Bureau Credit Score services at no charge. These services provide you with alerts for 12 months from the date of enrollment when changes occur to your credit file. This notification is sent to you the same day that the change or update takes place with the bureau. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in the event that you become a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services. This service is completely free to you, and enrolling in this program will not hurt your credit score. For more information on identity theft prevention, including instructions on how to activate your complimentary 12 months – membership, please see the additional information provided in this letter.
This letter also provides other precautionary measures you can take to protect your personal information, including placing a Fraud Alert and/or Security Freeze on any credit files, and/or obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and monitoring your free credit reports for fraudulent or irregular activity on a regular basis.
Please accept our apology that this incident occurred. We are committed to maintaining the privacy of your information and have taken many precautions to help safeguard it. We continually evaluate and modify our practices to enhance the security and privacy of the personal information in our possession, and have taken steps to further protect unauthorized access to individual records.
For More Information.
If you have any further questions regarding this incident, please call our dedicated and confidential toll-free response line that we have set up to respond to questions at [Redacted]. This response line is staffed with professionals familiar with this incident and knowledgeable on what you can do to help protect against misuse of your information. The response line is available Monday through Friday, 8:00 a.m. to 8:00 p.m. Eastern Time, excluding holidays.
