Morley Companies has agreed to settle a class action lawsuit filed on behalf of individuals affected by a major data breach that occurred on or around August 1, 2022. A fund of $4.3 million has been created to cover claims from individuals affected by the data breach.
On or around August 1, 2021, Morley Companies, a Saignaw, MI-based provider of business services, suffered a cyberattack in which hackers gained access to parts of its network. Morley Companies said the attack prevented access to its information systems when files were encrypted, with the investigation confirming that the attackers exfiltrated files containing protected health information.
Approximately 628,000 breach notification letters were mailed, and the breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of 521,046 individuals. The breached information included names, addresses, Social Security numbers, birthdates, client identification numbers, medical diagnostic and treatment information, and health insurance information. Morley Companies accepts no liability for the incident and has admitted no wrongdoing but chose to settle the lawsuit to avoid further legal costs and the uncertainty of trial.
Under the terms of the settlement, class members can submit a claim to receive reimbursement of up to $2,500 for documented out-of-pocket expenses that are reasonably traceable to the cyberattack and data breach. These can include unreimbursed losses relating to fraud or identity theft, professional fees including attorneys’ and accountants’ fees, and fees for credit repair services, costs associated with freezing or unfreezing credit with any credit reporting agency, credit monitoring costs incurred on or after August 1, 2021, and miscellaneous expenses such as notary, data charges, fax, postage, copying, mileage, cell phone charges, and long-distance telephone charges (conditions apply).
Class members can also claim up to four hours of lost time at a rate of $20 per hour, and residents of California at the time of the breach can claim a payment of $75. In addition, individuals who did not previously claim the credit and identity monitoring services provided by Morley Companies through IDX will be provided with a new offer and activation code valid for 90 days to claim 3-bureau credit monitoring for a three-year period from the effective date of the settlement. Class members will also be provided with a one-year membership to the Dashlane password management service.
Class members have until February 7, 2023, to object to or exclude themselves from the settlement. Claims must be submitted by March 20, 2023. The final approval hearing for the settlement has been scheduled for April 19, 2023.
The post Class Action Data Breach Lawsuit Settled by Morley Companies appeared first on HIPAA Journal.