On August 8, 2024, Ciox Health LLC, operating as Datavant Group, concluded an investigation into a significant data breach that had occurred earlier in the year. The breach stemmed from a phishing email attack targeting a limited number of Datavant email users.
This attack, which took place between May 8, 2024, and May 9, 2024, allowed unauthorized individuals to gain access to sensitive data stored in a single user’s mailbox. The phishing attack was resolved on the same day it was discovered, but the investigation revealed that the breach had exposed critical personal information.
The breach affected a total of 10,639 individuals across the United States. The number of affected individuals reported varies by state, including 465 in Texas and 12 in Maine.
The exposed information varied by individual but included highly sensitive data such as:
- Names
- Addresses
- Social Security numbers
- Driver’s license numbers
- Government-issued ID numbers (e.g., passports, state ID cards)
- Financial information (e.g., account numbers, credit or debit card numbers)
- Medical information
- Health insurance information
- Account credentials
- Digital signatures
- Contact information
- Dates of birth
The breach was reported to the Maine Attorney General on December 7, 2024, the Massachusetts Attorney General on December 9, 2024, and the Texas Attorney General on December 9, 2024. Notifications to affected individuals began on December 6, 2024.
Datavant Group's Response
Datavant responded to the phishing attack by resolving it on the same day it was discovered. The company engaged a respected forensic cybersecurity firm to investigate the incident and determine its scope. This investigation concluded in August 2024, confirming that only a single user’s mailbox was compromised and that no other Datavant systems or data storage were impacted.
Following the breach, Datavant implemented several measures to enhance its security posture:
- Reset passwords and security devices for affected users.
- Reconfigured email security settings and updated security software rules.
- Conducted additional phishing awareness training for employees.
- Sent multiple anti-phishing reminders to its workforce.
- Sanctioned certain employees as part of its internal response.
Additionally, Datavant offered affected individuals complimentary credit monitoring and identity protection services through Kroll for 24 months. These services include identity theft restoration, fraud consultation, and credit monitoring to help mitigate the potential risks associated with the breach.
If you are affected by the data breach
If you were notified that your information was part of this breach, it’s essential to take immediate steps to protect yourself. Given the sensitive nature of the exposed data, consider the following actions:
- Enroll in credit monitoring services: Datavant is offering free credit monitoring and identity protection services through Kroll. Visit Kroll’s enrollment website and use the membership number provided in your notification letter to activate your services.
- Place a fraud alert on your credit file: Contact one of the three major credit reporting agencies—Equifax, Experian, or TransUnion—to place a fraud alert on your account. This will notify creditors to verify your identity before opening new accounts in your name.
- Consider a security freeze: A security freeze prevents creditors from accessing your credit report without your consent. This is a stronger measure than a fraud alert, particularly if you do not anticipate needing new credit in the near future.
- Monitor your financial accounts: Regularly review your bank and credit card statements for any unauthorized transactions. Report any suspicious activity to your financial institution immediately.
- Review your credit reports: You are entitled to one free credit report annually from each of the major credit bureaus. Visit AnnualCreditReport.com to request your reports and check for any inaccuracies or unfamiliar accounts.
- Be vigilant about phishing attempts: Given that this breach originated from a phishing attack, be cautious of unsolicited emails, phone calls, or messages requesting personal information. Verify the legitimacy of any communication before responding.
- Change passwords and enable multi-factor authentication: If you suspect your account credentials were exposed, update your passwords immediately. Use strong, unique passwords for each account and enable multi-factor authentication wherever possible.
- Take advantage of identity theft protection services: If you become a victim of identity theft, use the identity restoration services provided by Kroll. Their licensed investigators can assist in resolving related issues on your behalf.