Gershman Investment Corp. Announces Data Breach | Console and Associates, P.C. | #itsecurity | #infosec


Recently, Gershman Investment Corp. confirmed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network and the sensitive consumer data contained on the network. According to Gershman, the breach resulted in the names, Social Security Numbers, driver’s license numbers, passport numbers, and financial account numbers being compromised. On May 13, 2022, Gershman filed official notice of the breach and sent out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Gershman Mortgage data breach, please see our recent piece on the topic here.

What We Know About the Gershman Mortgage Data Breach

According to an official notice filed by the company, in September 2021, Gershman Mortgage first detected a cybersecurity incident that temporarily impacted the company’s computer systems. Upon learning of the incident, the company secured its systems and retained the assistance of a cyber security consultant to conduct an investigation into the attack. Initially, the company was not aware that the cyberattack resulted in the leaking of any consumer information.

However, in December 2021, additional information came to light, prompting Gershman Mortgage to secure the assistance of another cybersecurity firm to “reinitiate” the investigation. The second investigation confirmed that an unauthorized party was able to access files on the company’s computer system containing sensitive consumer data. The unauthorized party had access between September 7, 2021 and 22, 2021.

Upon discovering that sensitive consumer data was accessible to an unauthorized party, Gershman Mortgage then reviewed the affected files to determine exactly what information was compromised. This process was completed on April 13, 2022. While the breached information varies depending on the individual, it may include your name, Social Security Number, driver’s license number, passport number, and financial account number.

On May 13, 2022, Gershman Mortgage sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About Gershman Investment Corp.

Gershman Investment Corp. is a mortgage company based out of St. Louis, Missouri. The company provides a variety of home loan products to residential buyers through more than 30 locations across the United States. Some of the products the Gershman Mortgage offers include Rural Housing (USDA) loans, conventional mortgage loans, refinance loans, FHA loans, VA loans, and jumbo loans. Gershman Mortgage employs more than 250 people and generates approximately $128 million in annual revenue.

Do Companies Need to Report a Data Breach?

In general, yes, a company that experienced a data breach must report the breach with the state, and possibly, the federal government. Every state as well as the District of Columbia has data breach laws requiring a company to provide notice of a breach to victims. However, every state’s laws are different in terms of which breaches must be reported and when they must be reported.

Currently, there is no federal data breach law requiring companies to report a breach. Thus, whether a company needs to report a data security incident depends on where the company is based and where the victims of the breach live. Generally, most states require a company to report a breach that exposes consumers’ “personally identifiable information.” However, because each state has its own laws on the topic, the definition of “personally identifiable information” varies. The result is that, following a data breach, the company may need to report the incident in some states, but not others.

The idea behind requiring companies to provide notice of a data breach to affected parties is that it gives victims the chance to mitigate the potential harms associated with the breach. In most cases, this includes identity theft and other frauds.

Additionally, data breach notification laws encourage all companies to take consumer privacy laws seriously because a company that experiences a breach will have to make the incident public. Thus, companies may take additional steps to protect data to avoid developing an image of being reckless with consumer data

If you were impacted by a recent data breach and want to learn more about your rights and potential remedies, reach out to a data breach lawyer for assistance.



Original Source link

Leave a Reply

Your email address will not be published.

thirty − twenty three =