News

Insurer Dominion National settles for $2 million in data breach lawsuit

Dominion National, Virginia-based insurance provider of dental and vision health benefits has reached settlement in the class action lawsuit concerning the decade-old data breach that exposed sensitive customer information of over 2.9 million patients.

Although brought to light in August 2019, the Dominion National security incident is expected to have occurred sometime in 2010, when unauthorised actors had initially gained access to Dominion servers.

As seen by Security Report, starting today, class members are receiving email notices explaining details of the lawsuit settlement.

Insurer data breach affected 2.9M members

Dominion National, which comprises subsidiaries including Dominion Dental USA, Inc., Dominion Dental Services USA, Inc., Dominion National Insurance Company, Dominion Dental Services of New Jersey, Inc., and Dominion Dental Services, Inc. has reached settlement with the defendants in the class action lawsuit concerning the major data breach.

The Dominion National data breach that was disclosed in 2019 was initially believed to have impacted over 122,000 health plan customers and was not detected until nine years after the incident occurred.

However, data published by the Department of Health and Human Services (HHS) later indicated that 2.96 million patients were affected as a result of this incident.

“On April 24, 2019, through our investigation of an internal alert, with the assistance of a leading cyber security firm, we determined that an unauthorized party may have accessed some of our computer servers.”

“The unauthorized access may have occurred as early as August 25, 2010. After learning of this, we moved quickly to clean the affected servers and implement enhanced monitoring and alerting software. We also contacted the FBI and will continue to work with them during their investigation,” Dominion National had explained in a 2019 data breach notice.

The security incident is believed to have exposed sensitive customer details including names, addresses, email addresses, dates of birth, Social Security Numbers (SSNs), member ID numbers, group numbers, and subscriber numbers.

The breach had impacted multiple parties, including Dominion National health plan members, providers and producers:

“For members who enrolled online through Dominion National’s website, their bank account and routing numbers may have also been included in the data. The provider information may have included names, dates of birth, Social Security numbers, and/or taxpayer identification numbers. The producer information may have included names and Social Security numbers,” the data breach notice had further explained.

As seen by Security Report, the eligible class members have now started receiving email notices explaining the details of the proposed settlement and can begin filing a claim for any losses or out-of-pocket expenses occurred due to the incident.

Image: Copy of class action settlement email sent to eligible class members (Security Report)

How to file a claim with Dominion National for any losses?

Dominion National has pledged to cover ordinary losses, up to $300 total per person for out of pocket expenses resulting from this incident, in fees for credit reports and credit monitoring services incurred between August 14, 2019 and July 19, 2021, and up to $100 in lost time incurred as a result of responding to this incident.

“Dominion National will also compensate extraordinary losses, up to $7,500 per person, for actual, documented, and unreimbursed monetary losses that are fairly and reasonably traceable to the Data Security Incident. Total aggregate compensation for ordinary and extraordinary losses shall be capped at $2 million,” continues Dominion National in the settlement notice.

Those who received the settlement notice, can head straight to www.DominionDentalSettlement.com and click “Submit a Claim” button.

The form requires “Notice ID” and “Confirmation Code” included in the settlement email or correspondence sent to the eligible members.

For Dominion National customers who believe they are eligible but have not received a notice, an alternative method, as well as downloadable paper forms, are also provided:

As with any class action lawsuit, cash payments are subject to be adjusted on a pro-rata basis depending on how many eligible class members file a claim, and the loss incurred by each member.

Attorney fees and costs and administration costs are also eligible for compensation under this settlement.

But, all those eligible should file a claim no later than the deadline—January 15, 2022.

Ax Sharma

Ax Sharma is an Indian-origin British security researcher, journalist and TV subject matter expert with a focus on malware analysis and cybercrime investigations. His areas of interest include open source software security, threat intel analysis, and reverse engineering. Frequently featured by leading media outlets like the BBC, Channel 5, Fortune, WIRED, The Register, among others, Ax is an active community member of the OWASP Foundation and the British Association of Journalists (BAJ).

Recent Posts

Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands

Telecommunication, media, internet service providers (ISPs), information technology (IT)-service providers, and Kurdish websites in the…

12 months ago

Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites

Rogue WordPress Plugin Found to Steal Credit Card Information in Magecart Campaign Threat hunters have…

12 months ago

Albanian Parliament and telco ‘One Albania’ suffer cyber attacks

The Assembly of the Republic of Albania and telecom company One Albania have recently fallen…

12 months ago

Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks

The banking malware Carbanak has resurfaced with updated tactics, incorporating attack vendors and techniques to…

12 months ago

Theme park giant Parques Reunidos hit by a ransomware cyber attack

One of the world's largest theme park operators, Parques Reunidos has disclosed a cybersecurity incident.…

2 years ago

Phishing kit screenshots your email domain on the fly to appear real

Phishing kit used by multiple hacked sites generates a log in page on the fly…

2 years ago

This website uses cookies.