creative services data breach

Creative Services Sends Data Breach Notices to California Consumers

Multiple class action lawsuits filed as investigation continues

On April 18, 2022, Creative Services, Inc., a background screening and security consulting company, reported a data breach to California’s Office of the Attorney General.

According to the Data Breach Notice sent to California consumers, the company learned that, on November 23, 2021, certain customer files might have been copied from their systems as part of cyber-attack.

Creative Services completed their internal review to identify what information was potentially contained in impacted files. Their investigation was completed by January 2022, with notice to California consumers starting sometime thereafter.

Four Massachusetts state class action lawsuits have already been filed against the company. The total number of affected individuals is currently estimated to be over 165,000.

No California class action lawsuits or claims have been filed.

What Personal Information is Potentially at Risk?

  • Your Name
  • Your Date of Birth
  • Your Social Security Number
  • Your Driver’s License Number

Creative Services is offering 12 months of credit monitoring through Equifax. Be aware that there is a deadline for activating that complimentary service.

A link to Creative Services’ Notice of Data Breach posted by the State of California can be found here.

If I follow the steps in the Creative Services Data Breach Notice, will that prevent my personal information from being sold on the dark web?

“Dark web” monitoring can sometimes tell you if your information is being offered for sale to cyber thieves but cannot prevent the sale of that information.

Experian’s IdentityWorksSM does provide for dark web monitoring. Unfortunately, if you are the victim of a data breach you will still need to be on the lookout. You must remain ever watchful for unapproved credit card charges, identify theft, tax fraud and other illegal uses of your personal information.

What other steps can I take to safeguard my data from cyber-thieves?

There are many actions you can take to safeguard your personal data, including:

  1. Review your credit reports
  2. Review your account statements
  3. Remain vigilant and respond to suspicious activity
  4. Consider placing a “fraud alert” with one of the three nationwide credit bureaus
  5. Be aware that you have the right to place a “security freeze” on your credit report

Special California Privacy Laws Protect Your Personal Information

California has laws that specifically protect your personal information.

  • The California Customer Records Act (CCRA) requires businesses maintain reasonable security procedures and practices to protect consumer’s personal information. It also requires notification of affected California customers quickly and without unreasonable delay.
  • The California Consumer Privacy Act (CCPA) contains many protections for personal information of California residents, including data subject access rights, the right of data deletion, information rights, non-discrimination rights, and the right to opt out of the sale of personal information.

When certain types of personal information, like Social Security numbers and names, are left unencrypted and are accessed, stolen, or hacked because a business didn’t fulfill its obligation to implement and maintain reasonable security, an affected California resident can sue to protect their rights under the CCPA and CCRA.

If you are a California resident and received a Recent Notice of Data Breach from Creative Services, you may be entitled to between $100 and $750 or your actual damages, whichever is greater.

Participants in data breach class action lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.

Corporations Should Be Held Accountable for Data Breaches

When corporations decide to collect and keep personal data about California consumers, under California law they take on the obligation to protect that information and keep it safe from hackers, thieves, and other criminals.

This personal data is incredibly valuable, both to businesses and to criminals who want to sell that information on the dark web to identity thieves and other black marketeers.

However, “it is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers.”[1] The stakes are high: Data breach victims are more likely to also be victims of additional fraud.[2]



[1] Source: K. Harris, former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).

[2] Same