Insurer Dominion National settles for $2 million in data breach lawsuit

Dominion National, Virginia-based insurance provider of dental and vision health benefits has reached settlement in the class action lawsuit concerning the decade-old data breach that exposed sensitive customer information of over 2.9 million patients.

Although brought to light in August 2019, the Dominion National security incident is expected to have occurred sometime in 2010, when unauthorised actors had initially gained access to Dominion servers.

As seen by Security Report, starting today, class members are receiving email notices explaining details of the lawsuit settlement.

Insurer data breach affected 2.9M members

Dominion National, which comprises subsidiaries including Dominion Dental USA, Inc., Dominion Dental Services USA, Inc., Dominion National Insurance Company, Dominion Dental Services of New Jersey, Inc., and Dominion Dental Services, Inc. has reached settlement with the defendants in the class action lawsuit concerning the major data breach.

The Dominion National data breach that was disclosed in 2019 was initially believed to have impacted over 122,000 health plan customers and was not detected until nine years after the incident occurred.

However, data published by the Department of Health and Human Services (HHS) later indicated that 2.96 million patients were affected as a result of this incident.

“On April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers.”

“The unauthorized access may have occurred as early as August 25, 2010. After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software. We also contacted the FBI and will continue to work with them during their investigation,” Dominion National had explained in a 2019 data breach notice.

The security incident is believed to have exposed sensitive customer details including names, addresses, email addresses, dates of birth, Social Security Numbers (SSNs), member ID numbers, group numbers, and subscriber numbers.

The breach had impacted multiple parties, including Dominion National health plan members, providers and producers:

“For members who enrolled online through Dominion National’s website, their bank account and routing numbers may have also been included in the data. The provider information may have included names, dates of birth, Social Security numbers, and/or taxpayer identification numbers. The producer information may have included names and Social Security numbers,” the data breach notice had further explained.

As seen by Security Report, the eligible class members have now started receiving email notices explaining the details of the proposed settlement and can begin filing a claim for any losses or out-of-pocket expenses occurred due to the incident.

How to file a claim with Dominion National for any losses?

Dominion National has pledged to cover ordinary losses, up to $300 total per person for out of pocket expenses resulting from this incident, in fees for credit reports and credit monitoring services incurred between August 14, 2019 and July 19, 2021, and up to $100 in lost time incurred as a result of responding to this incident.

“Dominion National will also compensate extraordinary losses, up to $7,500 per person, for actual, documented, and unreimbursed monetary losses that are fairly and reasonably traceable to the Data Security Incident. Total aggregate compensation for ordinary and extraordinary losses shall be capped at $2 million,” continues Dominion National in the settlement notice.

Those who received the settlement notice, can head straight to www.DominionDentalSettlement.com and click “Submit a Claim” button.

The form requires “Notice ID” and “Confirmation Code” included in the settlement email or correspondence sent to the eligible members.

For Dominion National customers who believe they are eligible but have not received a notice, an alternative method, as well as downloadable paper forms, are also provided:

As with any class action lawsuit, cash payments are subject to be adjusted on a pro-rata basis depending on how many eligible class members file a claim, and the loss incurred by each member.

Attorney fees and costs and administration costs are also eligible for compensation under this settlement.

But, all those eligible should file a claim no later than the deadline—January 15, 2022.