Lamont Hanley Data Breach Exposes Social Security Numbers

Lamont Hanley & Associates, a national company specializing in accounts receivable management solutions, recently experienced a significant data breach that has affected thousands of individuals. The breach was discovered on April 28, 2024, and it has raised concerns due to the sensitive nature of the information exposed.

On June 20, 2023, Lamont Hanley & Associates (LH) discovered that an unauthorized party accessed one of their employee email accounts. This compromised account led to a potential data security incident involving personal and health information. Despite immediate actions to secure the email environment and change the password, the investigation could not conclusively determine whether sensitive data was accessed or acquired by the unauthorized party. Therefore, out of an abundance of caution, LH conducted an extensive review of the compromised account.

After a thorough forensic investigation and comprehensive manual review, it was determined on February 28, 2024, that personal information was present within the compromised account. The breach affected a total of 22,216 individuals in the United States, including 3 in Maine.

Information Exposed:

• Name
• Social Security Number (Full)

The breach was disclosed to the Attorney General's office in Massachusetts, and you can find the disclosure on the Massachusetts Attorney General's website and the Maine Attorney General's website.

Lamont Hanley & Associates's Response

Upon detecting the breach, LH took immediate steps to contain and secure the email environment. They engaged external cybersecurity professionals to investigate the extent of the incident. Although no specific evidence of data access or acquisition was found, LH conducted a detailed review to identify any potentially compromised information.

LH has notified affected individuals and is offering complimentary Single Bureau Credit Monitoring, Single Bureau Credit Report, and Single Bureau Credit Score services for 24 months. Additionally, they are providing proactive fraud assistance through Cyberscout and Identity Force, a TransUnion company specializing in fraud assistance and remediation services.

Steps for Affected Individuals

If you have been affected by this data breach, it is crucial to take the following steps to protect your personal information:

1. Enroll in Credit Monitoring Services: Follow the instructions provided in the notification letter to enroll in the complimentary credit monitoring services within 90 days.
2. Place a Fraud Alert: Contact one of the three major credit bureaus (Equifax, Experian, TransUnion) to place a one-year fraud alert on your credit files.
3. Consider a Security Freeze: If you are highly concerned about identity theft, request a security freeze on your credit file from all three major credit bureaus.
4. Obtain a Free Credit Report: Request your free annual credit report from Annual Credit Report and review it for any discrepancies or unauthorized activity.
5. Monitor Financial Statements: Regularly check your financial account statements and credit reports for any signs of fraudulent or irregular activity.
6. Protect Medical Information: Only share your health insurance cards with trusted healthcare providers and review your explanation of benefits statements for any unfamiliar items.