Earlier this year, Aon PLC reported a data breach stemming from an incident in which an unauthorized party was able to access the company’s servers for more than a year. Based on the initial documents filed by the company, the breach resulted in the names, Social Security numbers, driver’s license numbers and benefits enrollment information of approximately 31,799 individuals being leaked. However, more recently, on June 24, 2022, Aon, PLC, released a subsequent filing indicating that 145,889 people were affected by the breach.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Aon data breach, please see our recent piece on the topic here.
What We Know About the Aon Data Breach
The Aon data breach followed in the wake of the company’s discovery that an unauthorized party had access to its IT network for more than a year. Based on the data breach notification sent to affected parties, Aon discovered the incident on February 25, 2022. In response, the company worked with cybersecurity experts to investigate the incident.
Aon’s investigation confirmed that an unauthorized party had access to its computer system between the dates of December 29, 2020 and February 26, 2022. Aon and its investigators also determined that the unauthorized party “temporarily obtained certain documents containing personal information from Aon systems during this period.”
After discovering that sensitive consumer information was subject to unauthorized access, Aon conducted a comprehensive review of all affected files to determine who was affected and what information was leaked. While the breached information varies depending on the individual, it may include your name, Social Security number, driver’s license number and benefits enrollment information.
On May 27, 2022, Aon sent out “Notice of Data Breach” letters to nearly 32,000 people. However, the company determined that the breach impacted more people than initially thought and, on June 24, 2022, Aon sent additional “Notice of Data Breach” to all 145,889 individuals whose information was compromised as a result of the incident.
More Information About Aon, PLC
Aon, PLC is a global professional services company based in London, England. Aon provides a wide range of risk-mitigation products, including insurance, pension administration, and health insurance plans. The company also provides reinsurance and wealth management services. Founded in 1982, Aon operates in 120 countries and is traded on the New York Stock Exchange under the ticker symbol “AON.” Aon employs more than 50,000 people and generates more than $12 billion in annual revenue. Aon, PLC is a wholly-owned subsidiary of Aon Global Services
What Are a Consumer’s Remedies in the Wake of a Data Breach?
The aftermath of a data breach can be incredibly stressful. Learning that an unauthorized party—likely a criminal—gained access to your personal information is alarming and is cause for concern. The rate of identity theft has been on the rise over the past several years, and that doesn’t seem to be changing—at least not for the better.
Given both the risks of data breaches as well as the harms they can cause consumers, it is important for consumers to understand that they may have a legal remedy against a company that leaks their information. While not every data breach results in a company being liable, companies that negligently maintained consumer data may be held financially responsible for a data breach, as well as the economic and emotional harms that follow in its wake.
Under existing data breach laws, a company can act negligently regarding consumer information in several different ways. For example, below are some of the ways a company can violate the duty it owes to consumers to protect and safely maintain their information:
A company employee doesn’t follow the correct procedures when handling consumer information;
A company fails to implement and maintain an up-to-date data security system;
A company mistakenly sends consumer information to the wrong party;
A company inadvertently posts sensitive consumer information on a public website;
An employee opens an unsolicited email that installs malware on the employee’s device; or
An employee responds to a phishing attack by providing their login credentials.
These are just a few of the most common examples of negligence; there are many others.
Data breach victims looking to learn more about their rights, what they can do to protect themselves, and how they can pursue a data breach lawsuit should reach out to a dedicated data breach lawyer as soon as possible.