• Wed. Jun 29th, 2022

OnDeck Announces Data Breach Affecting Social Security Numbers and Financial Account Information | Console and Associates, PC

ByElla E. Kidwell

Jun 8, 2022

Recently, business lending company OnDeck announced that it suffered a data breach after an unauthorized party gained access to the company’s computer network and transferred sensitive consumer data to an account. private cloud storage. According to OnDeck, the breach resulted in the compromise of the following data: names, social security numbers, tax ID numbers, driver’s license numbers, passport numbers, financial account/payment card numbers, and medical or health information. health insurance compromised. On June 2, 2022, OnDeck filed a formal notice of breach and sent data breach letters to all affected parties.

If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself against fraud or identity theft and what your legal options are following the OnDeck data breach, please see our recent article on the subject. here.

What we know about the OnDeck data breach

Based on the company’s statements made in its official filings with various state governments, OnDeck was first notified of the data security incident on March 10, 2022, when the company detected suspicious activity. on some of his computers. After this realization, the company shut down access to all affected devices, secured its network and initiated an investigation into the incident.

On March 13, 2022, OnDeck confirmed that an unauthorized party copied certain OnDeck data to a private cloud storage account. On March 17, 2022, OnDeck’s team of investigators took control of this online storage account, recovered the data, and closed access to the account. On May 17, 2022, OnDeck determined that a limited amount of personal information was contained in the online account and, therefore, was subject to unauthorized access.

After discovering that sensitive consumer data was accessible to an unauthorized party, OnDeck then reviewed the affected files to determine exactly what information had been compromised. Although the information disclosed will vary depending on the individual, it may include your name, social security number, tax ID number, driver’s license number, passport number, financial account number/ payment card and medical or health insurance information.

On June 2, 2022, OnDeck sent data breach letters to individuals whose information was leaked as a result of the incident.

More information about OnDeck

OnDeck is a global online lending company based in New York, New York. The company caters to businesses large and small, offering a wide range of lending options, including term loans, lines of credit, and SBA PPP loans. In total, OnDeck has provided over $14 billion in funding to companies around the world. OnDeck has over 742 people working for the company and generates approximately $444 million in revenue each year.

Do victims of a data breach have legal recourse against companies?

Yes, under US data breach laws, victims of a data breach who can prove that a company was negligent in the way it stored or secured their data may be able to bring a data breach class action lawsuit against a company. Data breach lawsuits are most often based on the legal concept of negligence; however, it is important to understand that negligence does not necessarily equate to knowing negligence of a known risk.

Companies can be negligent in different ways when it comes to protecting the safety and security of consumer data. Below are a few ways a company can be considered negligent with respect to its data security responsibilities:

  • A company is not using a useful data security system or is using an outdated system;

  • A company inadvertently sends consumer information to an unauthorized party;

  • An employee does not follow company procedures when handling consumer data;

  • An employee responds to a phishing attack, either by clicking on a link or giving sensitive consumer information to an unauthorized party.

Of course, these are just a few of the ways companies can be negligent; there are many more. It is important to note that the mere fact that a violation has occurred does not necessarily mean that the company was negligent. However, a data breach is at least an indication that something went wrong and warrants further investigation. If it appears that a company was negligent in storing consumer data or failed to maintain necessary security protocols, the company may be held liable through a class action lawsuit for breach of data.

Consumers whose information has been disclosed in a data breach can learn more about their rights by contacting a data breach and consumer privacy attorney.