Recent data breaches expose medical data, other consumer info

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Recent data breaches overview: 

• Who: Dropbox, U.S. Bank, Bed Bath & Beyond, Verizon, Microsoft, Michigan Medicine and Advocate Aurora recently experienced data breaches. 
• Why: The data breaches exposed the personally identifying information and/or private health information of consumers. 
• Where: The data breaches occurred nationwide. 

A number of companies recently suffered data breaches that exposed the personally identifying information and/or private health information of consumers. 

A variety of factors, including cybersecurity attacks conducted by bad actors and accidental data leaks from the inside of a company, can cause data breaches. 

Dropbox data breach exposed names, email address of customers, employees 

Earlier this month, Dropbox disclosed it was the victim of a data breach that exposed the names and email addresses of a few thousand of the company’s customers and employees. 

Dropbox said the data breach was caused by a phishing scam that enabled bad actors to gain access to 130 code repositories found in one of the company’s GitHub organizations. 

The hackers pretended to be with a continuous integration and delivery platform known as CircleCI to gain access to credentials and one-time passwords needed to achieve multifactor authentication. 

U.S. Bank notifies around 11,000 customers affected by data breach

Also this month, U.S. Bank notified around 11,000 of its customers a third-party vendor accidentally shared their personal information in September. 

U.S. Bank disclosed to its customers that one of its “trusted vendors” accidentally shared a file containing their personal information, including names, birthdates and addresses, among other things. 

The financial services company reassured its customers it does not believe they are at risk of suffering any injury but said it is taking steps to protect them as a “precautionary measure.” 

Bed Bath & Beyond says phishing scam responsible for data breach

Bed Bath & Beyond, meanwhile, announced it was the victim of a data breach in October because of a phishing scam that allowed an unauthorized party to access its hard drive and certain shared drives. 

The company reassured its customers that it had no reason to believe that the threat actors improperly accessed any personally identifiable or sensitive information. 

Bed Bath & Beyond says the data breach occurred after a single employee fell victim to the phishing scam. 

Microsoft discloses it misconfigured internet-accessible server, leading to data breach

Also last month, Microsoft revealed some of its customers’ sensitive information was exposed after the company unintentionally misconfigured an internet-accessible server. 

Microsoft said the misconfiguration that led to the data breach affected the endpoint of a server that is “not in use” in its current ecosystem and “was not the result of a security vulnerability.” 

Exposed data included customers names, email content, phone numbers and email addresses, according to a Microsoft blog post addressing the incident. 

Verizon says undisclosed amount of prepaid customer accounts affected by data breach 

Verizon disclosed it was the victim of a data breach last month and said it affected an undisclosed amount of prepaid customers’ accounts. 

The data breach allowed a third-party actor to conduct SIM-swapping attacks by using the last four digits of on-file credit cards, according to Verizon. 

“Using the last four digits of that credit card, the third party was able to gain access to your Verizon account and may have processed an unauthorized SIM card change on the prepaid line that received the SMS linking to this notice,” Verizon says in a notice disclosing the data breach. 

Verizon assured its prepaid customers that it had reversed any changes to their SIM cards and that the data breach itself had not exposed any credit card numbers in full. 

Michigan Medicine discloses data breach that exposed private health information

Also in October, Michigan Medicine disclosed it was the victim of an August data breach that it says may have exposed the private health information of almost 34,000 of the medical center’s patients. 

Michigan Medicine said the data breach was the result of a phishing scam that successfully targeted four of its employees. 

The information compromised in the Michigan Medicine data breach included patient names, birthdates, medical record numbers, health insurance information and treatment and diagnostic information, among other things. 

Advocate Aurora says as many as 3 million patients affected by data breach

Advocate Aurora, meanwhile, disclosed to the U.S. Department of Health and Human Services in October that a data breach exposed the private health information of as many as 3 million of its patients in Wisconsin and Illinois. 

The health care company said the data breach may have exposed personal information including patients’ medical providers, IP addresses and dates and locations of scheduled appointments. 

Advocate Aurora said the data breach did not expose any financial information or Social Security numbers, however, and vowed to make improvements to its security and information systems. 

Have you been impacted by a recent data breach? Let us know in the comments. 

If you were the victim of a data breach, you may be eligible to start or join a class action lawsuit. Find out more.

Read About More Class Action Lawsuits & Class Action Settlements:

• Spirit class action claims airline wiretaps electronic communications of website visitors
• Bath Saver, Bath Fitter spam calls $1.95M class action settlement
• Snap Finance unsolicited calls $5M class action lawsuit settlement
• Cash App class action claims Block failed to prevent data breach