On August 9, 2022, Accusoft Corporation reported a data breach with the Massachusetts Office of Consumer Affairs and Business Regulation. While the company did not publicly disclose the data types that were leaked as a result of the incident, under state reporting requirements, a company only needs to report a breach if it involved consumers’ Social Security numbers, financial account information, driver’s license numbers or state identification numbers Thus, while it cannot be confirmed, it would appear that the Accusoft breach involved one or more of these data types. After confirming the breach and identifying all affected parties, Accusoft Corp. began sending out data breach letters to all affected parties.
If you received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Accusoft Corp. data breach, please see our recent piece on the topic here.
What We Know About the Accusoft Corp. Data Breach
The information about the Accusoft Corporation data breach comes from an official company filing the Massachusetts Office of Consumer Affairs and Business Regulation. However, the company’s disclosures in its filing are sparse—at best. For example, Accusoft does not indicate what led to the breach, when the company first learned about the incident or the type of information that was leaked as a result.
However, two things suggest that the breach involved potentially sensitive information. First, under state data breach reporting guidelines, only those breaches that result in leaked Social Security numbers, financial account information, driver’s license numbers or state identification numbers must be reported. And second, Accusoft is providing anyone affected by the recent breach with 24 months of free credit report monitoring. Thus, it is likely that the breach involved sensitive consumer data that could be used to commit identity theft or other frauds.
On August 9, 2022, Accusoft Corp. sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Accusoft Corporation
Established in 1991, Accusoft Corporation is a software and business services company based in Tampa, Florida. More specifically, the company develops software for businesses in the finance, legal, healthcare, insurance and government sectors. Some of the company’s flagship products include the PrizmDoc Suite, the ImageGear Collection, the Barcode Collection, and the Forms Collection. Accusoft Corp. employs more than 143 people and generates approximately $17 million in annual revenue.
What Can Hackers Do with Your Information Following a Data Breach?
Cybercriminals are constantly on the lookout for ways to obtain consumers’ personal, financial and protected health information. While a data breach such as the Accusoft breach undoubtedly causes chaos for both the company and the victims, the goal of most cyberattacks is to generate a profit. Cybercriminals have a few different ways to make money off of the information they steal through a data breach. Of course, the specific threats that a data breach victim faces depends in large part on the type of information the hackers obtained. However, as a general rule, most hackers use stolen consumer information to do one of the following:
Intercept Your Tax Refund
Once a hacker gets your Social Security number, they can file a fraudulent tax return on your behalf in hopes of intercepting your tax refund. Often, the victims of tax refund fraud don’t know they’ve been targeted until the IRS rejects their tax return because it was already filed. Victims of a data breach can decrease the chances of falling victim to tax refund fraud by filing their tax returns as soon as possible.
Open Up a New Credit Card or Loan in Your Name
Perhaps the most obvious consequence of a data breach is that hackers use the information they obtain to open up a new line of credit in your name. Usually, this involves a criminal either using your information to apply for a new credit card or personal loan. While a hacker would also need your name, date of birth, and address to do this, this information is readily available to them. For example, a cybercriminal might have additional information about you from another data breach or by conducting a quick search using the information they already have.
Receive Medical Treatment in Your Name
Hackers who have your personal information can also try to obtain medical care in your name. This is referred to as healthcare identity theft, which is one of the most serious harms that can befall a data breach victim. Essentially, healthcare identity theft involves a criminal showing up at the doctor’s office pretending to be you. This not only means you are left to pay the bill, but it can also cause the information in your medical records to get mixed up with the criminal’s information, leading to potentially disastrous consequences the next time you go in for a medical procedure.
Open Fraudulent Utility Accounts
The Federal Trade Commission reports that 13 percent of fraud incidents in 2016 involved hackers creating new phone and utility accounts. To open up a utility account, all a hacker needs is your name, address and your Social Security number.
Of course, in any of these cases, hackers may not conduct this fraud themselves; they often sell your information to another person who then carries out the actual fraud. This enables hackers to make a quick profit before moving on to the next set of victims.