Recently, Gershman Investment Corp. confirmed that the company suffered a data breach after an unauthorized party gained access to the company’s computer network and sensitive consumer data contained on the network. According to Gershman, the breach resulted in the compromise of names, social security numbers, driver’s license numbers, passport numbers and financial account numbers. On May 13, 2022, Gershman filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what your legal options are following the Gershman Mortgage data breach, please see our recent article on the subject. here.
What we know about the Gershman mortgage data breach
According to an official notice filed by the company, in September 2021, Gershman Mortgage first detected a cybersecurity incident that temporarily impacted the company’s IT systems. After learning of the incident, the company secured its systems and retained the help of a cybersecurity consultant to investigate the attack. Initially, the company was unaware that the cyberattack was leading to the leakage of consumer information.
However, in December 2021, additional information came to light, prompting Gershman Mortgage to enlist the help of another cybersecurity firm to “jumpstart” the investigation. The second investigation confirmed that an unauthorized party had gained access to files on the company’s computer system containing sensitive consumer data. The unauthorized party had access between September 7, 2021 and September 22, 2021.
After discovering that sensitive consumer data was accessible to an unauthorized party, Gershman Mortgage then reviewed the affected files to determine exactly what information had been compromised. This process was completed on April 13, 2022. Although the information hacked varies depending on the individual, it may include your name, social security number, driver’s license number, passport number, and phone number. financial account.
On May 13, 2022, Gershman Mortgage sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
More information about Gershman Investment Corp.
Gershman Investment Corp. is a mortgage company based in St. Louis, Missouri. The company offers a variety of home loan products to residential buyers in more than 30 locations across the United States. Some of the products offered by Gershman Mortgage include Rural Housing Loans (USDA), Conventional Mortgages, Refinance Loans, FHA Loans, VA Loans, and Jumbo Loans. Gershman Mortgage employs over 250 people and generates approximately $128 million in annual revenue.
Should companies report a data breach?
Generally, yes, a company that has experienced a data breach must report the breach to the state, and possibly the federal government. Each state as well as the District of Columbia has data breach laws requiring a company to notify victims of a breach. However, each state’s laws are different regarding what offenses should be reported and when they should be reported.
Currently, there is no federal data breach law that requires companies to report a breach. So whether a company should report a data security incident depends on where the company is based and where the victims of the breach live. Typically, most states require a business to report a breach that exposes consumers’ “personally identifiable information.” However, because each state has its own laws on the subject, the definition of “personally identifiable information” varies. The result is that following a data breach, the company may need to report the incident in some states, but not in others.
The idea behind requiring companies to notify affected parties of a data breach is that it gives victims the opportunity to mitigate potential damages associated with the breach. In most cases, this includes identity theft and other fraud.
Additionally, data breach notification laws encourage all businesses to take consumer privacy laws seriously, as a business that experiences a breach will need to make the incident public. Thus, companies can take additional steps to protect data to avoid developing an image of carelessness with consumer data.
If you’ve been affected by a recent data breach and want to learn more about your rights and potential remedies, contact a data breach lawyer for help.