Capsule Corporation (“Capsule”) recently filed a notice with the federal government confirming that the company has experienced a hacking/IT incident. While details of the breach are not yet known, the company confirmed that the personal data of as many as 27,486 consumers have been leaked. On May 27, 2022, Capsule began sending data breach notifications to all parties involved, informing them of the incident and explaining what they can do to protect themselves in the aftermath.
If you have been notified of a data breach, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are after Capsule Corporation’s data breach, see our recent piece on the topic here†
What we know about the data breach in the capsule
Capsule only recently released information about the data security incident. Therefore, the information is currently quite limited. What we do know, however, is that on May 27, 2022, the New York-based pharmacy filed an official notice of a data breach with the U.S. Department of Health and Human Services Office for Civil Rights. involved in the breach, it reports that as many as 27,486 were affected by the Capsule data breach.
Capsule Corporation, which most people call Capsule, is a digital pharmacy that allows patients to place an order on their phone. Capsule pharmacists then deliver the patient’s medication directly to their door. Founded in 2015, Capsule has expanded beyond New York City to more than a dozen other U.S. markets, including Chicago, IL, Austin, TX, Los Angeles, CA, and Minneapolis, MN. Capsule employs approximately 800 people and brings in approximately $168 million in annual revenue.
What should you do after a data breach?
Under state law, after experiencing a data breach, a company must report the breach to anyone whose information has been compromised as a result of the incident. These data breach letters provide crucial information and should not be ignored. While the steps to take after a data breach depend on the type of information exposed, there are some general steps to take after a data breach to protect yourself.
Read the letter about data breaches carefully: The first thing to do after you receive a letter about a data breach is to take a close look at the letter to make sure you were one of those affected. You also want to determine the type of information that was involved in the breach, as well as the dates of the breach. It’s also a good idea to keep a copy of the letter for your records. In fact, it’s best to create a file for any infringement correspondence you receive; so you have everything you need in one place.
Protect your online accounts: Regardless of the data compromised in a breach, it’s a good idea to change all passwords and security questions for your online accounts. While most people think they change their passwords for financial accounts, keep in mind that hackers can also use the information they gain through a breach to “guess” your passwords for other accounts. So setting up multi-factor authentication is a good way to add an extra layer of security.
Protect your credit: It is estimated that 70% of data breaches involve leaked social security numbers or bank account information. This is intentional, as cyber criminals can easily use this information for their own financial gain. After a data breach, companies almost always offer victims free credit monitoring. Signing up for credit monitoring will help reduce the chances of identity theft and will not affect your right to sue the company through a class action data breach lawsuit.
Checking in to your credit report and bank accounts often: There are no “quick fixes” after a data breach where your personal information has been compromised. It often takes months to resolve the situation effectively. Part of this process is to regularly check your bank accounts and credit reports for signs of fraud or identity theft. There is no “expiry date” on stolen information, and while hackers often act quickly to steal victims’ identities, that’s not always the case.
Contact a data breach attorney as soon as possible: If your information has been exposed through a data breach, it’s important that you don’t wait to talk to a lawyer. Under US data breach and consumer privacy laws, the company responsible for keeping your information safe may be financially liable for financial loss. This damage will help compensate you for the money and time you spend re-establishing your identity. However, these things are not just about the money. Class action lawsuits for data breaches are also important tools consumers can use to convince large companies to take data security more seriously.