Potential biometric data exposure from ransomware incident prompts law firm notification
Trial lawyers Campbell Conroy & O’Neil has posted a notice of a data privacy incident which may have involved biometric data, after suffering a ransomware attack in February.
In its disclosure, the law firm notes that it cannot confirm whether any personal information was accessed or viewed by the attacker, but that the system contained biometric data, as well as individuals’ names, dates of birth, Social Security and driver’s license numbers, as well as payment card, medical, and health insurance information. Usernames and passwords may also have been exposed in the attack.
Campbell Conroy & O’Neil discovered that it was the target of what it calls “a sophisticated ransomware attack,” blocking access to some files within its system, in late-February, a company representative told Biometric Update in an email. The firm brought in third-party investigators to examine the nature and scope of the attack, and alerted the FBI.
“Campbell has provided notice to individuals whose information was accessed by the unauthorized actor. As an added precaution, the firm is also offering complimentary access to credit monitoring, fraud consultation, and identity theft restoration services to impacted individuals,” the representative writes.
“Campbell Conroy & O’Neil is committed to, and takes very seriously, its responsibility to protect all data entrusted to us. As part of our ongoing commitment to the privacy of information in our care, we are reviewing our existing policies and procedures, and are working to implement additional safeguards to further secure our information systems.
“Campbell Conroy & O’Neil is fully operational and does not anticipate any significant impact to ongoing litigation nor to our representation of our valued clients.”
The firm did not directly address a question about the nature of biometric data which may have been exposed.
Clients of the firm include numerous global enterprises in the automotive, aviation, consumer, insurance, pharmaceutical and transportation sectors, and Fortune 500 companies make up more than half of its cases, according to the firm’s website.
Acuity Market Intelligence Principal Analyst and Chief Strategist Maxine Most asked when the insurance industry will react to the liability concerns around biometric data collection earlier this week on Twitter. She notes the potential market opportunity for anonymous and one-time biometrics. Anonybit Founder and CEO Frances Zelazny, who explained her company’s idea for eliminating the need for businesses to store databases of biometrics to Biometric Update earlier this year, chimed in in support of lower rates for companies using privacy by design frameworks.