Morley Companies, Incorporated (“Morley”) is a corporation out of Saginaw, Michigan, in the US. And they are currently facing a class action due to a ransomware attack that occurred in 2021.
The class action states that the ransomware-type malware attack began on July 20, 2021. However, it only came to the company’s attention on August 1, 2021. The cause of the discovery was the malware preventing access to some of the files in the company’s system. Additionally, the attack led to the unauthorized access of some files.
The breach potentially exposed 521,046 individuals, including employees and former employees. Those affected also include the company’s various clients, including Fortune 500 and Global 100 companies.
There have been claims that Morley stored the information in a reckless manner, causing the breach to be more severe than it should have been. Another complaint is that the company did not promptly inform people potentially affected by the breach.
The company claims that they engaged independent cybersecurity experts when the event occurred, which is when they discovered that additional information had been obtained.
However, Morley only collected the needed contact information for potentially impacted individuals in early 2022. Then, on February 1, 2022, the company notified those individuals about the incident and their subsequent actions.
The company also stated that it was not aware of the misuse of information obtained during the attack. Despite that, Morley is offering those involved complimentary credit monitoring and identity theft protection services. The company also stated that it has altered its cyber environment to prevent such situations in the future.
Impacted Information
The breach resulted in the exposure of personal and protected health information. The basic information exposed includes each individual’s name, date of birth, and address. Additionally, the breach led to the compromise of Social Security numbers and client identification numbers.
Because of the information obtained, the attorney general of Michigan, Dana Nessel, warned people about fraudulent emails, phone calls, and text messages. Morley also outlined some things for those affected to be wary about.
Other information included in the breach includes sensitive medical information, such as diagnostic and treatment information, and health insurance information.
