EMC National Life data breach

EMC National Life Company Data Breach Notice

Please Note: Despite the return address listed as “Return Mail Processing Center – P.O. Box 6336, Portland Oregon” EMC National’s privacy breach notice is not spam.

According to online reports due to the odd return address, consumers sometimes disregard data breach notices from “Return Mail Processing Center” as spam.

On April 8, 2022, EMC National Life Company (“EMC”) reported a security incident that caused customer personal information to be acquired from its network between December 28 – December 30, 2021. EMC discovered the intrusion, approximately 2 months later, on March 9, 2022.

EMC National Life Data Breach Details

The personal information that may have been acquired includes:

  • Full Name

And one or more of the following:

  • Social Security numbers
  • Taxpayer identification numbers
  • Driver’s license numbers
  • Financial Account Information
  • Payment Card Information
  • Date of Birth
  • Medical Information

EMC is offering one year of complimentary credit monitoring through Experian’s IdentityWorksSM.

According to EMC, on April 8, 2022, the company began sending out Notices to affected individuals via U.S. Mail. The Notice on record with the California data breach reporting system includes a return address of:

Return Mail Processing Center
P.O. Box 6336
Portland, OR 97228-6336

The full text of the EMC Notice of Data Breach can be found here.

Special California Privacy Laws Protect You

 California has laws that specifically protect your personal information.

  • The California Customer Records Act requires businesses to put into place and maintain reasonable security procedures and practices to protect consumer’s personal information.
  • The California Consumer Privacy Act (CCPA) contains many protections for personal information of California residents.
  • The California Confidentiality of Medical Information Act (CMIA) requires that every health care provider and health care service plan who maintains medical information do so in a manner that preserves its confidentiality.

If certain types of personal information, like Social Security numbers and names, are left unencrypted and are accessed, stolen, or hacked because a business didn’t fulfill its obligation to implement and maintain reasonable security, an affected California resident can sue to protect their rights under the CCPA and CCRA.  Medical information is additionally covered by the CMIA.

If you are a California resident and received a Recent Notice of Data Breach from EMC National Life, you may be entitled to between $100 and $1,000 or your actual damages, whichever is greater. Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again), and anything else the court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.

If I follow the steps in the EMC Data Breach Notice, will that prevent my personal information from being sold on the dark web?

“Dark web” monitoring can sometimes tell you if your information is being offered for sale to cyber thieves but cannot actually prevent the sale of that information.

Experian’s IdentityWorksSM does provide for dark web monitoring. Unfortunately, if you are the victim of a data breach you will still need to be on the lookout.  You must remain ever watchful for unapproved credit card charges, identify theft, tax fraud and other illegal uses of your personal information.

You Have Important Legal Rights Under California’s CCPA

The CCPA is the most comprehensive state privacy law in the country. It also provides consumers other important rights.  These include:

  • The right to see a copy of the personal data a business has collected about you, free of charge.
  • The right to find out why a business has collected your personal information, what it has shared (by category), who it was collected from (by source type), and who it has shared your data with (by category).
  • The right to have your personal information deleted from any business that collected it directly from you.
  • The right to find out if your data is being sold.
  • The right to opt-out of the sale of your data without being discriminated against.

When businesses decide to collect and keep personal data about California customers or visitors to their websites, under California law they take on the obligation to protect that information and keep it safe from hackers, thieves, and other criminals.