On September 13, 2022, The Springs Living, Inc. reported a data breach with the Office of the Montana Attorney General after an unauthorized party gained access to sensitive information on the company’s computer network. After confirming the breach and identifying all affected parties, The Springs Living began sending out data breach letters to all affected parties. While these letters do not disclose the specific types of data that were leaked as a result of the recent incident, based on state reporting guidelines, it would appear that the breach resulted in consumers’ names as well as their financial information, Social Security numbers, or protected health information being compromised.
What We Know About The Springs Living Data Breach
The information about The Springs Living, Inc. data breach comes from the company’s official filing with the Montana Attorney General. According to this source, on May 12, 2022, The Springs Living detected unusual activity on its computer network. In response, the company secured its network and began working with cybersecurity specialists to determine the nature and scope of the breach, as well as whether any consumer data was compromised as a result.
The investigation confirmed that an unauthorized party was able to gain access to portions of the company’s computer network on May 12, 2022. The investigation also revealed that the files that were accessible contained sensitive data belonging to certain consumers.
Upon discovering that sensitive consumer data was accessible to an unauthorized party, The Springs Living began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. The company completed its review of the affected files on August 12, 2022. In the “Notice of Data Breach” letter filed with the Montana Attorney General, The Springs Living did not publicly disclose the type of information that was subject to unauthorized access. However, under state law, a company only needs to report a data breach if it results in consumers’ names and one or more of the following being compromised:
Social Security numbers, or
Protected health information.
On September 13, 2022, The Springs Living sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About The Springs Living, Inc.
Founded in 1996, The Springs Living, Inc. is a long-term residential care provider based in McMinnville, Oregon. The company operates 20 locations throughout Oregon, Montana and Washington and provides varying levels of care based on residents’ needs. The Springs Living employs more than 1,802 people and generates approximately $121 million in annual revenue.
What Should You Do After Receiving a Data Breach Letter?
In 2021, more than 320 million people had their personal information leaked as a result of a data breach. These incidents are not only frustrating to resolve but can also end up costing victims thousands of dollars and hundreds of hours of their time. Given the frequency with which these breaches occur, it is essential that you know what to do in the event your information is leaked in a data breach.
The biggest risk after a data breach is that a hacker uses your personal information to steal your identity or sells your data on the dark web to another criminal. While there is nothing you can do to prevent a data breach, there are some things you can do to reduce the chances of falling victim to identity theft or other frauds once you learn of a breach.
Carefully Review the Data Breach Letter to Determine What Information Was Leaked
When you receive a data breach letter in the mail, the first thing to do is to carefully read the letter to identify what information was compromised. On some level, your response will depend on the type of information that was compromised. For example, while the steps below apply to data breaches generally, you may consider additional steps to protect yourself if a breach involves highly sensitive information such as your financial account numbers or Social Security number.
Monitor Your Financial Accounts and Credit Report
Once a hacker obtains your information through a data breach, they will typically try to use it to commit fraud as quickly as possible. This is because they don’t want to give you time to close your accounts, change your passwords, or get new cards reissued. However, it may take some time for criminals to obtain other information they need to steal your identity. Thus, it is imperative that you frequently check your online bank and credit card accounts, as well as your credit report. This includes checking accounts that were not compromised in the breach.
Sign Up for Free Credit Monitoring
Credit monitoring typically runs between $20 and $40 per month. However, companies usually offer victims free credit monitoring for a period of time—usually between one to two years. Indeed, The Springs Living indicates that it will provide victims of the breach with 12 months of free credit monitoring. It is always a good idea to sign up for free credit monitoring, as it can help you determine if an unauthorized party is trying to access your credit. Further, signing up for free credit monitoring doesn’t impact your rights to bring a data breach lawsuit against the company that leaked your information if the company was negligent leading up to the breach.
Consider Placing a Fraud Alert or a Credit Freeze on Your Credit Account
By contacting any one of the three major credit bureaus, you can place a fraud alert or credit freeze on your credit accounts. A fraud alert notifies banks, credit card companies and other creditors that your information was recently exposed, putting them on notice that the person applying for credit in your name may be an imposter. A credit freeze offers additional protection by preventing any company from pulling your credit without your advance approval. The Identity Theft Resource Center has repeatedly explained that placing a credit freeze on your credit account is the single best way to prevent fraud after a data breach.
Victims of The Springs Living data breach who are interested in learning more about their options should reach out to an experienced data breach lawyer for immediate assistance.
If you received a “Notice of Data Breach” from The Springs Living, it means that a hacker may have accessed and stolen your personal information. This puts you at an increased risk of identity theft and other frauds. However, there are steps you can take to protect yourself and you may also be eligible for compensation from The Springs Living to compensate you for any damages you experience as a result of the incident, including the future risk of identity theft. To learn more about your options in the wake of a data breach, you can review our recent post on the subject here.