EMC National Life Company: Unauthorized Network Access Reported
Updated: Apr 26, 2022
On April 8, 2022, EMC National Life Company (“EMC” or “Life Company”) reported a security incident through California’s data breach reporting system. According to the report, customer personal information was acquired from its network between December 28 – December 30, 2021. EMC discovered the intrusion, approximately 2 months later, on March 9, 2022. Personal information that may have been acquired includes:
• Full Name
And one or more of the following:
• Social Security numbers
• Taxpayer identification numbers
• Driver’s license numbers
• Financial Account Information
• Payment Card Information
• Date of Birth
• Medical Information
EMC has stated that they are not aware of any reports of identity fraud or improper use of any information as a direct result of this incident.
A link to EMC Notice of Data Breach posted by the State of California can be found here.
Is credit monitoring being offered?
Yes, EMC is offering one year of complimentary credit monitoring through Experian’s IdentityWorksSM Credit 3B.
To read more about the EMC Notice, click here
California Laws Protect Data Breach Victims
California residents who received a EMC Data Breach Notice may be entitled to between $100 and $1,000 or their actual damages, whichever is greater. ¹
The California Customer Records Act (CCRA) requires businesses to put into place and maintain reasonable security procedures and practices that protect a consumer’s personal information. More comprehensively, the California Consumer Privacy Act (CCPA) contains many protections for the personal information of California residents. And the California Confidentiality of Medical Information Act (CMIA) requires that varies entities who maintain medical information do so in a manner that preserves its confidentiality.
Participants in data breach lawsuits can recover damages, injunctive relief (to make sure that the business has reasonable security practices to protect consumer data from being leaked again) and anything else a court concludes is necessary to compensate data breach victims and prevent these harms from reoccurring.
A team of experienced attorneys is currently investigating whether EMC violated its obligation to maintain reasonable security procedures and practices to protect its customers’ personal information. To contact someone on our team, click here.
I received a notification from a company claiming to be EMC National Life, but the return address says “Return Mail Processing Center.” Is this legit?
That is the return address on the official EMC Notice on record with the California data breach reporting system. Specifically, the return address on the Notice is:
Return Mail Processing Center P.O. Box 6336 Portland, OR 97228-6336
Generally, if you have any concerns about the legitimacy of a data breach notice you receive, you can often compare it to the document recorded with state authorities online to confirm its authenticity, or contact the company who issued the notice using independent contact information.
How do I know if my identity has been stolen?
Signs that your identity may have been stolen include:
o you see unfamiliar charges on your credit or debit cards
o you have bank account withdrawals that you can’t account for
o you are getting medical bills for services you didn’t get
o you are getting called by debt collectors for debts that aren’t yours
o shops won’t take your personal checks
o you stop getting bills that you usually get in the mail
o you get a notice from that IRS that (1) there is more than one tax return filed in your name or (2) you have income you failed to report and don’t recognize²
o your email address or phone number come up on http://haveibeenpwned.com/ as part of a data breach
What steps can I take to safeguard my data from cyber-thieves?
There are many actions you can take to safeguard your personal data, including:
(a) Review your credit reports
(b) Review your account statements
(c) Remain vigilant and respond to suspicious activity
(d) Consider placing a "fraud alert" with one of the three nationwide credit bureaus
(e) Be aware that you have the right to place a “security freeze” on your credit report
What Is The Difference Between A “Credit Freeze” and A “Fraud Alert”?
A credit freeze the strongest step you can take to prevent fraudulent accounts being opened under your name. A credit freeze prevents a credit bureau from sharing your information with others. You can put a credit freeze in place with each of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
If you put on a credit freeze, no one will be able to open new credit accounts in your name. You can still use your active credit cards with a freeze in place. It costs nothing to put a credit freeze in place, lasts indefinitely, and will not affect your credit score.
However, if your credit card information has been compromised, a credit freeze will not prevent a cyber-thief from making purchases with your stolen card. Cancelling the card and getting a new card with a different number is the only way to stop such transactions from taking place.
You can also place a fraud alert on all of your credit reports. Fraud alerts are free and are a flag for potential credit providers that you may have been a victim of identity theft. They allow you to apply for new credit cards and other forms of credit without having to unfreeze your account. Fraud alerts can last one to seven years, and can be lifted by you at any time. Once you put a fraud alert in place at one credit bureau, it will alert the other two for you.You can put a fraud alert in place with any of the three major credit bureaus by using the following links: Equifax, Experian, and Transunion.
What do I do if I think I am the victim of identity theft?
The Federal Trade Commission has created a website to guide you through the process of reporting identity theft and creating an action plan. That link can be found here.
The California Attorney General’s Office has also put together an Identity Theft Victim Checklist to help identity theft victims clear up their records.³
We Can Help You Exercise Your Rights
Every case is unique. Even when your data has been part of a breach, you may not necessarily be awarded compensation. Experienced data breach class action attorneys can help you exercise your rights and evaluate your options and decide whether you are entitled to compensation under the CCPA or CMIA. There are no out of pocket costs to you, as we only get paid if we prevail.
For more information on your legal options, please contact us using the form found here
Inquiries are Confidential • No Cost • No obligation
Links on this website are not intended to be referrals to or endorsements of the linked entities or imply any relationship to the linked site or its operator.
¹ California Civil Code §§ 56.36 & 1798.150 ² https://www.consumer.ftc.gov/blog/2022/02/how-tell-if-someone-using-your-identity ³ https://oag.ca.gov/idtheft/facts/victim-checklist