Posted On January 9, 2023 Consumer Privacy & Data Breaches
January 9, 2023 – SAIF Corporation filed notice of a data breach with the Texas Attorney General on January 6, 2023 after learning of an incident involving unauthorized access of a third party. According to the filing, the information that was accessed included worker’s compensation claimants’ first and last names, driver’s license numbers, financial account information, Social Security numbers, medical history information, and insurance policy information. Once SAIF confirmed the data breach, the company sent breach notification letters to all individuals affected.
There is an ongoing investigation by data breach lawyers at Console & Associates, P.C. If you are a recipient of a data breach notification letter from SAIF, your information may be in the hands of an unauthorized party. We are offering free consultations to help victims of the attack learn about the risks of identity theft, what you can do to protect yourself, and if you can receive financial compensation from SAIF.
SAIF Corporation is a state-chartered workers’ compensation insurance company that is not-for-profit. Originally founded in 1914 in Salem, Oregon, SAIF now employs over 901 people and generates annual revenue of approximately $973 million. It is the largest workers’ compensation insurance company in the state of Oregon. The company holds a market share of 55%, with over 55,000 people insured as of December 2021. The company has several offices throughout Oregon, located in Eugene, North Bend, Bend, Salem, Medford, and Portland.
According to the filing with the Texas Attorney General and a notice posted on the company’s website, SAIF detected a breach by an unauthorized party on its computer system on October 24, 2022. The company provided no further detail on how the system had been hacked. After ensuring that company servers had been secured and informing law enforcement, SAIF began an investigation with the help of third-party cybersecurity experts to determine what information had been leaked. After the investigation concluded, SAIF determined that workers’ compensation claimants’ confidential information had been leaked, including first and last names, driver’s license numbers, financial account information, Social Security numbers, medical history information, and insurance policy information. However, the leaked information varies by individual.
On January 6, 2023, SAIF Corporation sent breach notification letters to all affected individuals. The number of individuals affected is unknown as yet, but the company insures over 55,000 people.
If a company is found negligent in maintaining confidential information, it can be held financially liable for a data breach. Many victims end up being the target of identity theft and other similar frauds. Data breaches affect millions of individuals a year and can take a significant amount of time to be resolved.
Companies that have been hacked are victims of the breach as well and are often targeted by hackers with sophisticated scams meant to circumvent security. However, companies that are on top of cybersecurity can stop most breaches and quickly eradicate the ones they couldn’t.
Some of the ways that companies could be seen as negligent in securing consumer information are with antiquated security systems or little to no maintenance on their security systems. Phishing is also a common scam, often targeting employees for access to computer systems. Companies can prevent phishing scams by properly training employees to identify and report them.
Though the investigation into the SAIF Corporation data breach is ongoing, it’s best to know your options. If there is evidence of negligence by SAIF Corporation in keeping your confidential information secure, you may be able to pursue a data breach lawsuit and receive financial compensation for damages as a result of the data breach.
The consumer privacy lawyers at Console & Associates, P.C. help customers affected by data and security breaches pursue legal solutions by offering free consultations. By explaining your rights in clear, concise terms, we help you make an informed decision about your next steps. If you are a victim of the SAIF Corporation data breach, Console & Associates, P.C. will investigate at no charge to you and offer advice on how to proceed. If you decide to pursue a case, rest assured that we don’t get paid unless you do. If your claim is successful, legal fees are either paid out of the funds recovered or by the defendant. If your claim is not successful, you pay nothing.
Below is a notice posted to their website:
On October 24, SAIF experienced a brief period of unauthorized access to our network. Immediately upon discovering the incident, we took steps to contain and eradicate the threat, launched an investigation with the support of third-party cybersecurity experts, and contacted law enforcement. On October 27, we discovered personal information was likely acquired during the incident.
What information was involved?
During the limited period of access, the unauthorized third-party was able to view and/or acquire archived files containing certain data related to our policyholders and certain groups of claimants.
Following an analysis of that data by third-party cybersecurity experts, we have evidence to suggest that the majority of the accessed data was from information collected prior to 2003. If you had a policy or a claim before January 1, 2003, there is a possibility that your data was compromised. For policyholders, that data may have included Social Security numbers, financial account numbers, and medical information about employees of policyholders. For claimants, the data may have included Social Security numbers, driver’s license numbers, financial account numbers, health insurance policy numbers, and medical history information.
There is also evidence a limited amount of recent claimant data may have been impacted. If you are a claimant and received any written communication from SAIF on your claim dated between September 24, 2022, and October 25, 2022, there is a possibility that data was also compromised. This data was limited to the accepted and denied medical conditions in the claim.
Through our investigation, there was a portion of the acquired customer data that we weren’t able to identify, nor were we able to identify the type of information that was possibly included.
What is SAIF doing?
We took several steps to investigate the incident and mitigate harm, including efforts to restore the security of our systems and to determine the scope of the incident. We also contacted law enforcement. After an extensive investigation, we discovered that certain files may have been acquired by an unauthorized third-party. At present, we have no evidence of attempted or actual misuse of any information as a result of this incident.
We are providing this notice to make you aware of the incident and make available complimentary identity protection and credit monitoring services to help protect your information. See “What can you do?” below. We also assembled information that you may use to protect your identity, credit, and personal information. See “What else can you do to protect your personal information?” below.
SAIF endeavors to protect the privacy and security of your personal information. We have thoroughly analyzed this incident and are making improvements to our security controls to help prevent similar incidents in the future.
What can you do?
While we have no evidence of attempted or actual misuse of any information as a result of this incident, SAIF is making available ID theft and credit monitoring services for the period required by state law, which shall be at least 12 months, at no cost to you, through IDX to all potentially affected individuals who enroll. For individuals who would like to enroll in these services or who have questions related to this incident, SAIF has established a toll-free response line that can be reached at 833.896.5482, and is available Monday through Friday, 6 a.m. to 6 p.m. PST. If you are interested in enrolling in these services, the deadline to enroll is March 8, 2023.
This notice also provides other precautionary measures you can take to protect your personal information, including placing a fraud alert and security freeze on your credit files and obtaining a free credit report. Additionally, you should always remain vigilant in reviewing your financial account statements and credit reports for fraudulent or irregular activity on a regular basis. See “What else can you do to protect your personal information?” below.
Please call 833.896.5482 for assistance or for any additional questions you may have.
We sincerely apologize for any inconvenience this may cause and would like to reassure you that we are aware of no lingering threat or other illicit activity on our network. The SAIF team takes the security and privacy of our customer’s information very seriously. We have thoroughly analyzed this incident and are making improvements to our security controls to help prevent similar incidents in the future.