Montana

In January 2024, LoanDepot discovered suspicious activity within its systems. The company immediately moved to contain the incident, contact law enforcement, and launch an investigation.49,134 Montana residents were affected by the data breach incident. The initial assessment revealed that names, addresses, financial account numbers, Social Security numbers, birth dates, and phone numbers were exposed. LoanDepot worked with an external expert to assess the scope of the threat and did not uncover any evidence that any of this information was misused for fraud or identity theft. They did provide 24 months of identity protection and credit monitoring for free from Experian.

In November 2023, the cancer center detected unauthorized activity in some parts of its network. According to the notice letter, they initiated an investigation with the assistance of an external forensic company. The investigation revealed that the criminal party accessed the network between the 19th and 25th of November. 3,183 residents were affected during the breach. The information exposed included names, Social Security numbers, addresses, birth dates, health insurance data, clinical information, and lab results. Fred Hutchinson indicated it considers the security of its patients as a top priority and they are continually updating their security. The center also offered credit monitoring services to those affected for twelve months.

Nationstar Mortgage discovered some suspicious activity in their network in October 2023. The company immediately initiated response protocols, such as an investigation to assess the scope of the incident. Nationstar also contacted local law enforcement agencies to help with the investigation after shutting down its systems. The results showed unauthorized access between October 30th and November 1st. Information including names, phone numbers, addresses, Social Security details, birth dates, and account numbers were compromised during the attack. Nationstar Mortgage indicated they are monitoring the dark web and have not yet seen evidence that the data related to the incident was shared or otherwise misused. The company provided notification letters to the 36,903 individuals affected by the incident and provided 24 months of credit monitoring and identity protection services.

On August 31st, 2023, PostMeds discovered unauthorized activity on its network when the actor accessed a subset of files utilized for pharmacy management and fulfillment. The company immediately initiated an investigation to determine the scope of the damage. Some of the information exposed may have included demographics, medication types, and the attending physicians. PostMeds reiterated that Social Security data was not involved during the incident because the company did not receive this information. The PostMeds incident affected 6,703 people. The organization issued notification letters to all affected and claimed it enhanced its security protocols to safeguard against a reoccurrence of the data breach event.

In August 2023, Zeroed-In determined suspicious activity was happening to some of its systems. They immediately launched an investigation to assess the scope of the breach and if it existed. Zeroed-In determined there was an unauthorized entry to its accounts at that time. The information accessed entailed names, birth dates, and Social Security data. The company is taking steps to secure the systems and report the incident to law enforcement agencies. Zeroed-In stated they were also reviewing existing policies and initiated security measures to prevent something similar from occurring in the future. The 5,049 affected were also provided with 12 months of credit monitoring and identity theft protection services free of charge.