MCNA has been making the news the last few days because it placed a notice on its website May 26 as well as sent letters to several state Attorney Generals that it was hacked back in February and that the hacker group involved stole the personal data of some 8.9 million clients.
Ransomware attack
According to news sources, the hacker group, LockBit, tried to ransom the data for $10 million but MCNA refused to pay. So the group published some 700Gs of personal data on its website on April 7. The group stole the information from February 26 to March 7. MCNA only became aware of the unauthorized hack on March 6.
Data stolen includes names, addresses, phone numbers, birth dates, Social Security numbers, driver’s license numbers, ID numbers, health insurance information, and information related to dental/orthodontic care.
Clients in Texas affected
We have seen news reports that MCNA informed the Attorney Generals of Florida and Maine but it is not known if the Texas Attorney General was notified. We assume so as the notice on the MCNA main website goes to a webpage maintained by IDX, a consumer privacy platform that is a large provider of data breach response services, and lists the Texas Health and Human Services Commission as an affected party.
No notification on Texas website
However, there is no notification on the MCNA Texas website to notify Texas clients their personal data may have been stolen.
Really late notification
It’s late May. The breach occurred on April 7. One has to wonder why the delayed notification.
MCNA serves more than five million children and adults through its programs.
The personal information of nine million stolen. Ouch.
If your readers want to prevent the inevitable fraud from misuse of their insurance credentials, we’e here to help
Jeff Leston
Castlestone