Data Media Associates Hit with Class Action Over Data Breach Announced in August 2023
Last Updated on March 29, 2024
Valdivia v. Data Media Associates, LLC
Filed: August 30, 2023 ◆§ 1:23-cv-03904
A class action alleges the failure of Data Media Associates to adequately safeguard consumers’ personal information resulted in a data breach earlier this year.
A proposed class action alleges the failure of Data Media Associates (DMA) to adequately safeguard consumers’ personal and health information resulted in a “massive and preventable” data breach earlier this year.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
The 47-page case says that in early June 2023, DMA, a healthcare billing services provider, became aware of a Cybersecurity and Infrastructure Security Agency alert that hackers had targeted MOVEit, a widely used file transfer platform. An investigation concluded later that month that the MOVEit security incident compromised highly sensitive, unencrypted information DMA maintained on its “inadequately protected” servers, the lawsuit states.
According to the filing, information impacted in the breach included consumers’ names, dates of birth, addresses, treatment information, provider names, patient identification numbers, diagnosis codes, health insurance information, health insurance ID numbers and Social Security numbers.
The filing says that DMA was obligated under the Health Insurance Portability and Accountability Act (HIPAA) to keep consumers’ health information confidential and protect it from unauthorized disclosure. The defendant also failed to comply with other applicable laws, regulations and industry standards relating to data security, the suit contends.
As a result of DMA’s apparent negligence, data breach victims have been exposed to a “substantially increased risk of fraud, identity theft, and misuse” as their information will likely end up for sale on the dark web, the complaint stresses.
After reportedly discovering the breach in June, DMA then waited until August 23 to begin notifying victims whose information may have been impacted, the case says.
The following day, DMA posted on its website a notice of the data breach, stating that it had taken “all remediation measures recommended by the MOVEit software developers” and “will be evaluating additional safeguards that can be put in place to further enhance the security of the data entrusted to it.”
However, the case says, the company’s notice lacks “sufficient information on how the breach occurred, what safeguards have been taken since then to safeguard further attacks, and/or where the information hacked exists today.”
The lawsuit looks to represent anyone in the United States whose protected health information and/or personally identifiable information was exposed to unauthorized third parties as a result of the data breach discovered by Data Media Associates in June 2023.
Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.
Video Game Addiction Lawsuits
If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.
Learn more:Video Game Addiction Lawsuit
Depo-Provera Lawsuits
Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.
Read more: Depo-Provera Lawsuit
How Do I Join a Class Action Lawsuit?
Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?
Read more here: How Do I Join a Class Action Lawsuit?
Stay Current
Sign Up For
Our Newsletter
New cases and investigations, settlement deadlines, and news straight to your inbox.
Before commenting, please review our comment policy.