Lauren Giella reports:
Oklahoma health system Integris Health reached a $30 million settlement in a data breach class action lawsuit that impacted over two million people over two years ago.
This agreement settles a class action lawsuit filed in the U.S. District Court for the Western District of Oklahoma that accuses Integris of negligence after it failed to protect patient data that was part of a breach in November 2023 and exposed victims to “imminent risk” of fraud and identity theft risk, according to the filing.
[…]
At the end of December 2023, victims of the data breach began receiving emails from a cybercriminal using the email “[email protected].” The email informed recipients that “[i]f you are receiving this message, your data have [sic] been compromised.”
The leaked data included Social Security Numbers, dates of birth, addresses, phone numbers, insurance information and employer information.
The cybercriminal, referred to as DataLeakege, also threatened to sell the leaked data on the darknet to be “used for fraud and identity theft.” DataLeakege told the plaintiffs they had until January 5, 2024, to pay $50 for their stolen data or else it would be sold to data brokers, according to the filing.
Read more at Newsweek.
Previous coverage of the incident on DataBreaches.net can be found in the links below.