Dominion National of Virginia, an insurance provider, health plan manager, and dental and vision benefits manager, has agreed to settle a class action lawsuit over a data breach involving 2.96 million records that was uncovered in 2019.
The data breach investigation was concluded on April 24, 2019. Dominion National confirmed that unauthorized persons gained access to its servers containing the personal data and protected health information (PHI) of health plan clients.
At first, the breach was believed to have affected 122,000 health plan members. However, deeper investigation revealed the potential compromise of the PHI of 2,964,778 persons. The investigation showed the breach began on August 25, 2010, and the types of information compromised included names, birth dates, email addresses, Social Security numbers, subscriber numbers, group numbers, and member ID numbers. People who enrolled online through the Dominion National website may also have had their bank account and routing numbers compromised.
The breach also affected providers, whose names, birth dates, Social Security numbers, and/or taxpayer ID numbers were compromised. Dominion National found no proof that the people responsible for the cyberattack had obtained or misused members' information. Affected people were offered free credit monitoring and identity theft protection services for 2 years.
After Dominion National announced the data breach and issued breach notification letters to affected persons, the company was named in a class action lawsuit, Abubaker v. Dominion Dental USA, Inc. et al., filed in the United States District Court for the Eastern District of Virginia. The defendants are Dominion National (Dominion Dental USA, Inc., Dominion National Insurance Company, Dominion Dental Services USA, Inc., Dominion Dental Services, Inc. and Dominion Dental Services of New Jersey, Inc.) and Avalon Insurance Company, Capital BlueCross, Capital Advantage Insurance, and Providence Health Plan.
The plaintiffs claimed the defendants were negligent for not sufficiently protecting servers and databases and for not detecting the hackers accessing the systems over the previous 9 years. Because of those failures, people were put at great risk of identity theft and fraud.
Under the terms of the proposed settlement, class members will be eligible to file a claim for losses and out-of-pocket expenses sustained as a result of the data breach. Victims can file claims for ordinary losses of up to $300 to cover out-of-pocket expenses and charges for credit reports and credit monitoring from August 14, 2019, to July 19, 2021. A maximum of $100 may also be claimed for time lost addressing the security problem.
Dominion National will also accept claims for extraordinary losses of up to $7,500 per individual for actual, documented, and unreimbursed financial losses that can be fairly and reasonably traced to the data breach.
A cap of $2 million has been set on claims for both ordinary and extraordinary losses. If total claims exceed $2 million, claims will be paid pro rata. The exclusion deadline is October 2, 2021, the objection deadline is October 2, 2021, and the deadline for filing claims is January 15, 2022. The fairness hearing is scheduled for November 19, 2021.
Dominion National will also pay the costs of settlement administration, the attorneys’ fees and expenses approved by the court, and the service awards for named plaintiffs. Additional measures have also been put in place to strengthen security. This breach cost Dominion National about $2,679,500.