Recently, NuLife Med, LLC confirmed that the company experienced a data breach after an unauthorized party gained access to the company’s computer network as well as the sensitive consumer information contained on the network. According to NuLife, the breach resulted in the names, addresses, Social Security numbers, medical information, health insurance information, bank account information and credit card information of certain consumers being compromised. On May 9, 2022, NuLife filed an official notice of the breach and sent out data breach letters to all affected parties.
If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the NuLife Med data breach, please see our recent piece on the topic here.
What We Know About the NuLife Med Data Breach
According to the official notice filed by the company, on around March 11, 2022, the company noticed suspicious activity on its computer systems. In response, NuLife launched an investigation to learn more about the incident, as well as whether any consumer data was compromised as a result. This investigation confirmed that between March 9, 2022 and March 11, 2022, an unauthorized party was able to access files containing consumer data. Upon discovering that sensitive consumer data was accessible to an unauthorized party, NuLife Med then reviewed the affected files to determine exactly what information was compromised. While the breached information varies depending on the individual, it may include your name, address, medical information and health insurance information, Social Security number, driver’s license information, and financial account or credit card information.
On May 9, 2022, NuLife Med sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
Who Is Responsible for a Data Breach?
Under the U.S. data breach laws, consumers whose personal information is exposed in a data breach may have legal recourse against a company they entrusted their information to. Most data breach lawsuits are based on the legal concept of negligence. Thus, a data breach victim can prove a case against a company by showing that the company was negligent in storing or protecting their information.
There are several ways a company might act negligently leading up to a data breach. For example, the following situations may give rise to a data breach class action lawsuit brought by consumers whose personal information was leaked in a data breach:
A company fails to employ an adequate data security system, or relies on an outdated system;
A company mistakenly transmits consumer information to an unauthorized party;
A company employee fails to follow the proper procedures when handling consumer data; or
An employee responds to a phishing attack, either by clicking on a link or providing sensitive information to an unauthorized party.
Of course, given the complexities of companies’ information technology systems these days, there are many other ways a company can act negligently with regard to consumer data. Those with questions about a company’s liability following a data breach should reach out to a dedicated data breach lawyer for immediate assistance.