TIC International Corporation (“TIC”)
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
TIC International Corporation, a health, pension, 401k, and other benefit funds administrator based in Carmel, Indiana, experienced a significant data security incident on March 30, 2022. This incident was the result of an encryption attack, commonly known as ransomware, which led to a system disruption within the company’s network. Following the discovery of the attack, TIC engaged cybersecurity experts to assist with their response and to investigate the extent of the breach. The investigation confirmed that personal information had been acquired without authorization during the incident[1][2].
The potentially compromised information varied by individual but may have included names, addresses, Social Security numbers, dates of birth, and protected health information. Despite the breach, TIC has stated that there is no evidence that any of the information potentially involved in the incident has been misused. However, as a precaution and to assist those affected, TIC has offered credit and identity protection services to individuals whose Social Security numbers were impacted[1][2].
In response to the breach, TIC has taken steps to enhance the security of its network to prevent similar incidents in the future. This includes reporting the matter to the Federal Bureau of Investigation (FBI) and cooperating with law enforcement to hold the perpetrators accountable. Additionally, TIC established a toll-free call center to answer questions and address concerns related to the incident[1].
The breach has led to legal action against TIC. A class action lawsuit has been filed, alleging that TIC failed to implement adequate cybersecurity measures to prevent the ransomware attack and that the company delayed notifying victims about the breach. The lawsuit seeks to cover any Indiana citizen whose personally identifying information or personal health information was compromised in the breach[7].
The incident is a stark reminder of the importance of robust cybersecurity measures and the potential consequences of data breaches, not only in terms of the immediate impact on personal information but also the legal and reputational repercussions for the organizations involved.
Citations:
- https://www.tici.com/cyber_security_notice.pdf
- https://www.doj.nh.gov/consumer/security-breaches/documents/tic-international-20220915.pdf
- https://www.classaction.org/media/drew-et-al-v-tic-international-corporation.pdf
- https://www.jdsupra.com/legalnews/tic-international-corporation-reports-9831157/
- https://www.prnewswire.com/news-releases/tic-international-corporation-notice-of-data-security-incident-301672137.html
- https://openjurist.org/785/f2d/168/brock-v-tic-international-corporation
- https://www.classaction.org/news/tic-international-corporation-facing-class-action-over-2022-data-breach
- https://www.mass.gov/doc/assigned-data-breach-number-28213-tic-international-corporation/download
- https://oag.ca.gov/privacy/databreach/list
- https://news.bloomberglaw.com
- https://www.doj.nh.gov/consumer/security-breaches/t.htm
- https://www.law.com/radar/card/drew-et-al-v-tic-international-corporation-47738197-r/
- https://dojmt.gov/consumer/databreach/
- https://www.msdlegal.com/blog/2022/09/tic-international-corporation-data-breach-class-action-investigation/
- https://www.thelyonfirm.com/blog/tic-international-data-breach-investigation/
- https://www.tici.com/cybersecuritynotice.pdf