cybercrime alert

DialAmerica Marketing Reports Ransomware and Potential Data Breach

Notifies California Consumers 7 months later

On April 21, 2022, DialAmerica Marketing, a New Jersey company that provides call center services, reported a data breach to California’s Office of the Attorney General.

According to the Data Breach Notice sent to consumers in April 2022, between February 2 and July 9, 2021, an unauthorized person gained access to certain DialAmerica computer systems. California consumers should expect to receive these Notices in the next few weeks if they have not received them already.

The company learned about the breach on July 4, 2021, but stated that it did not complete its review “to confirm the nature and scope of the impacted data and the individuals to whom to that data related” until February 4, 2022 – a full seven months later.

The total number of affected individuals is currently estimated to be over 192,000.

What Personal Information Is Potentially at Risk?

Your name in combination with your address, Social Security number, employer-assigned identification number, and your financial account number or credit or debit card number (in combination with security code, access code, password, or PIN for the account).

In addition, according to recent public reports, individuals’ Health Insurance Policy Numbers or other related information may have been accessed.

DialAmerica is presently only offering 12 months of credit monitoring through Equifax, specifically “Equifax Credit Watch Gold.” Equifax does not describe the benefits of this product on its website.

A link to DialAmerica Notice of Data Breach posted by the State of California can be found here.

What other steps can I take to safeguard my data from cyber-thieves?

There are many actions you can take to safeguard your personal data at no cost to you, including:

  1. Review your credit reports
  2. Review your account statements
  3. Remain vigilant and respond to suspicious activity
  4. Consider placing a “fraud alert” with one of the three nationwide credit bureaus
  5. Be aware that you have the right to place a “security freeze” on your credit report

Special California Privacy Laws Protect You

When certain types of your personal information, such as Social Security Numbers and names, are left unencrypted and are accessed, stolen, or hacked because a business didn’t fulfill its obligation to implement and maintain reasonable security, an affected California resident can sue to protect their rights to protect their personal information under the CCPA and CCRA.

  • The California Customer Records Act (CCRA) requires businesses maintain reasonable security procedures and practices to protect consumer’s personal information. It also requires notification of affected California customers quickly and without unreasonable delay.
  • The California Consumer Privacy Act (CCPA) contains many protections for personal information of California residents, including data subject access rights, the right of data deletion, information rights, non-discrimination rights, and the right to opt out of the sale of personal information.

Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and any other relief the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.

Corporations Should Be Held Accountable For Data Breaches

When businesses decide to collect and keep personal data about California consumers, under California law they take on the obligation to protect that information and keep it safe from hackers, thieves, and other criminals.

This personal data is incredibly valuable, both to businesses and to criminals who want to sell that information on the dark web to identity thieves and other black marketeers. However, “it is clear that many organizations need to sharpen their security skills, trainings, practices, and procedures to properly protect consumers.”[1] The stakes are high: Data breach victims are more likely to also be victims of additional fraud.[2]

You Have Important Legal Rights Under California’s Privacy Laws

The CCPA is the most comprehensive state privacy law in the country. It provides consumers other important rights.  These include:

  • The right to see a copy of the personal data a business has collected about you, free of charge.
  • The right to find out why a business has collected your personal information, what it has shared (by category), who it was collected from (by source type), and who it has shared your data with (by category).
  • The right to have your personal information deleted from any business that collected it directly from you.
  • The right to find out if your data is being sold.
  • The right to opt-out of the sale of your data without being discriminated against.

 

 

[1] Source: K. Harris, former Attorney General, California DOJ, California Data Breach Report 2012-2015 (2016).

[2] Same