The Lash Group, LLC, a division of Cencora, Inc. (formerly AmerisourceBergen), has recently filed a series of notices with various state attorney general offices after it discovered an unauthorized party was able to access the confidential information of tens of thousands of consumers stored on the company's computer network.
What Caused the Lash Group Data Breach?
According to a lawsuit filed against Cencora, the parent company of Lash Group, it detected the unauthorized activity on February 21, 2024. Upon further investigation, Cencora determined that an unauthorized party had been able to remove certain files from its computer network that contained sensitive consumer data. After learning that the sensitive consumer data on the files was accessible to an unauthorized party, Lash Group immediately reviewed the compromised files to determine the exact information on what was leaked and which consumers were impacted.
On April 10, 2024, Lash Group was able to determine the breach affected consumers who had enrolled in patient support programs through major pharmaceutical companies, such as Acadia Pharmaceuticals Inc., Bristol Myers, Squibb, Dendreon Corporation, Endo International, GlaxoSmithKline, Incyte, Novartis, Pharming Healthcare, PTC Therapeutics, Regeneron, Sumitomo Pharma America, Inc., and Tolmar.
Thousands of Patient's Information Was Compromised Due to the Breach
While the information breached will vary depending on the individual, based on the investigation, Lash Group believes the following information was affected in the breach: consumers' first names, last names, dates of birth, health diagnoses, and/or medications and prescriptions. On or about May 17, 2024, Lash Group began sending data breach letters to those affected by the incident. The letters will provide victims with a list of information that was compromised. However, according to the notice posted on the Lash Group website, for some individuals, the company does not have address information to provide a direct notice.
Currently, Lash Group has not received any evidence that the information access has been or will be publicly disclosed or that any information was or will be misused for fraudulent purposes as a result of this incident. However, if you believe your information was compromised due to the breach, you may be eligible to recover financial compensation by speaking with a data breach attorney.
Was Johnson & Johnson Affected by the Lash Group Breach?
On May 29, Johnson & Johnson filed two notices of data breaches with the Attorney General of Texas, stating it discovered that an unauthorized party accessed confidential patient information. Some speculate that the breaches may be connected to the Lash Group data breach, as they bear several similarities. Those affected by the Johnson & Johnson breach are currently believed to have had their names, addresses, medical information, and dates of birth exposed.
The filings are registered under Johnson & Johnson Patient Assistance Foundation, Inc. and another for Johnson & Johnson Services, Inc. According to the information currently available, these breaches affected the personal information of roughly 175,000 Texans; however, the total number of reported victims nationwide is likely to rise in the coming days.
Lash Group Offers Data Security Services to Affected Individuals
As mentioned on the Lash Group breach notice page, while the company does not believe the information accessed is in any danger of being used for fraudulent purposes, out of an abundance of caution, it is offering those who were directly affected by the breach access to identity protection, credit monitoring, and remediation services through Experian IdentityWorksSM for 24 months at no charge.
As listed on their webpage, in order to enroll in the services, Lash Group asks consumers to follow this link and are prepared to provide the following unique code to receive services: BCV7SX55S, as well as verify their personal information to protect and confirm their identities. In order to receive the credit monitoring services, Lash Group has issued an enrollment deadline of August 30, 2024.
Any questions about enrollment can be directed to Experian at 1-833-918-1728. However, you must provide the engagement number B123302 as proof of eligibility for the Identity Restoration services.
What You Can Do To Keep Your Data Safe After a Breach
After a data breach has exposed your personal information, there are certain steps you can take to ensure your information stays out of the hands of those who wish to cause you harm.
Let the Law Work for You:
Under the Fair and Accurate Credit Transactions Act, consumers are entitled to one free credit report annually from each of the three major credit reporting bureaus: Equifax, Experian, and TransUnion. Reviewing your reports allows you the ability to correct any errors in your credit history and protect your credit identity.
The Fair Credit Reporting Act(FCRA) similarly provides you with certain credit protections, as victims of fraud have the right to be informed that the information in their credit file has been used against them in a fair, timely, and accurate manner. Under the FCRA, you have the right to review that report and correct any errors that may be in your credit file.
In the event you discover your information has been used fraudulently, you also have the right to request a "credit freeze" on a credit report. A credit freeze will prohibit a credit bureau from releasing information on the credit report without your expressed authorization as well as prevent credit, loans, and services from being approved in your name without your consent.
Get Access to Free and Daily Credit Monitoring:
Utilizing credit monitoring sites like Credit Karma can help keep you up to date on your credit profile without having to wait for a free yearly report. Credit Karma offers its customers free and daily access to their credit reports and provides suspicious activity alerts as well as other helpful financial protective services. In the event you discover fraudulent activity on any of your accounts, you should immediately contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident as soon as possible.
Contact an Attorney:
Connecting with an attorney can also help keep your data safe from future cyberattacks. After a breach, while a company may offer you ways to protect or monitor your information, it does nothing for the damages they've already caused you and your loved ones should your information be sold on the dark web. Speaking with an experienced data breach attorney will not only fully understand the scope of your situation but also help you fight to hold those liable for their security negligence.
For more information on how a Morgan & Morgan attorney may be able to help you after your information was accessed during the Lash Group data breach, connect with us today by completing our free, no-obligation case evaluation form.
