Recently, JMA Energy Company, LLC (“JMA Energy”) confirmed that the company was targeted in a malware attack and, as a result, the sensitive information of more than 13,000 individuals was potentially accessed and obtained by an unauthorized party. The data breach lawyers at Console & Associates, P.C. are going to begin interviewing victims of the breach to determine what damages they sustained and what legal claims may be available to them. If you recently learned your information was compromised in the recent breach, reaching out to a data breach lawyer is the first step to understanding all of your options.
JMA Energy Company, Inc. is an independent oil and gas company based in Oklahoma City, OK. The company is primarily focused in Oklahoma and the Mid-Continent region. JMA Energy operates over 200 oil and natural gas wells and owns an interest in an additional 2,000 wells. The company employs about 50 people and generates over $28 million in annual sales.
According to a letter sent by JMA Energy to affected consumers, on December 6, 2021, the company learned that it was the target of a “sophisticated cyber incident attack” involving the installation of malware on its servers. In response, JMA energy launched an internal investigation with the assistance of independent third-party forensic experts. While the company’s investigation is ongoing, JMA Energy recently confirmed that certain information in its possession “may have been accessed, copied, or otherwise used by the attacker.”
On January 14, 2022, JMA Energy determined that the information involved may include consumers’ names, addresses, phone numbers, social security numbers, tax ID numbers, banking and other financial information. The JMA Energy data breach is believed to have impacted as many as 13,843 individuals.
Around February 23, 2022, JMA Energy will begin sending out data breach notification letters to all individuals whose information was contained in the affected files.
Often, data breaches are the result of a hacker gaining unauthorized access to a company’s computer systems with the intention of obtaining sensitive consumer information. While no one can know the reason why a hacker targeted JMA Energy, it is common for hackers and other criminals to identify those companies believed to have weak data security systems or vulnerabilities in their networks.
Once a cybercriminal gains access to a computer network, they can then access and remove any data stored on the compromised servers. While in most cases a company experiencing a data breach can identify which files were accessible, there may be no way for the company to tell which files the hacker actually accessed or whether they removed any data.
While the fact that your information was compromised in a data breach does not necessarily mean it will be used for criminal purposes, being the victim of a data breach puts your sensitive data in the hands of an unauthorized person. As a result, you are at an increased risk of identity theft and other frauds, and criminal use of your information is a possibility that should not be ignored.
Given this reality, individuals who receive a JMA Energy data breach notification should take the situation seriously and remain vigilant in checking for any signs of unauthorized activity. Businesses like JMA Energy are responsible for protecting the consumer data in their possession. If evidence emerges that JMA Energy failed to adequately protect your sensitive information, you may be eligible for financial compensation through a data breach lawsuit.
When customers decided to do business with JMA Energy, they assumed that the company would take their privacy concerns seriously. And it goes without saying that consumers would think twice before giving a company access to their information if they knew it wasn’t going to be secure. Thus, data breaches such as this one raise questions about the adequacy of a company’s data security system.
When a business, government entity, non-profit organization, school, or any other organization accepts and stores consumer data, it also accepts a legal obligation to ensure this information remains private. The United States data breach laws allow consumers to pursue civil data breach claims against organizations that fail to protect their information.
Of course, given the recency of the JMA Energy data breach, the investigation into the incident is still in its early stages. And, as of right now, there is not yet any evidence suggesting JMA Energy is legally responsible for the breach. However, that could change as additional information about the breach and its causes is revealed.
If you have questions about your ability to bring a data breach class action lawsuit against JMA Energy, reach out to a data breach attorney as soon as possible.
If JMA Energy sends you a data breach notification letter, you are among those whose information was compromised in the recent breach. While this isn’t a time to panic, the situation warrants your attention. Below are a few important steps you can take to protect yourself from identity theft and other fraudulent activity:
Identify What Information Was Compromised: The first thing to do after learning of a data breach is to carefully review the data breach letter sent. The letter will tell you what information of yours was accessible to the unauthorized party. Be sure to make a copy of the letter and keep it for your records. If you have trouble understanding the letter or what steps you can take to protect yourself, a data breach lawyer can help.
Limit Future Access to Your Accounts: Once you determine what information of yours was affected by the breach, the safest play is to assume that the hacker orchestrating the attack stole your data. While this may not be the case, it’s better to be safe than sorry. To prevent future access to your accounts, you should change all passwords and security questions for any online account. This includes online banking accounts, credit card accounts, online shopping accounts, and any other account containing your personal information. You should also consider changing your social media account passwords and setting up multi-factor authentication where it is available.
Protect Your Credit and Your Financial Accounts: After a data breach, companies often provide affected parties with free credit monitoring services. Signing up for the free credit monitoring offers some significant protections and doesn’t impact any of your rights to pursue a data breach lawsuit against the company if it turns out they were legally responsible for the breach. You should contact a credit bureau to request a copy of your credit report—even if you do not notice any signs of fraud or unauthorized activity. Adding a fraud alert to your account will provide you with additional protection.
Consider Implementing a Credit Freeze: A credit freeze prevents anyone from accessing your credit report. Credit freezes are free and stay in effect until you remove them. Once a credit freeze is in place, you can temporarily lift the freeze if you need to apply for any type of credit. While placing a credit freeze on your accounts may seem like overkill, given the risks involved, it’s justified. According to the Identity Theft Resource Center (“ITRC”), placing a credit freeze on your account is the “single most effective way to prevent a new credit/financial account from being opened.” However, just 3% of data breach victims place a freeze on their accounts.
Regularly Monitor Your Credit Report and Financial Accounts: Protecting yourself in the wake of a data breach requires an ongoing effort on your part. You should regularly check your credit report and all financial account statements, looking for any signs of unauthorized activity or fraud. You should also call your banks and credit card companies to report the fact that your information was compromised in a data breach.
Below is an excerpt from the initial data breach letter issued by JMA Energy:
Dear [Consumer],
We are writing on behalf of our client JMA Energy (“JMA”) (located at 1021 NW Grand Boulevard, Oklahoma City, OK 73118), to notify you of a data security incident involving ten (10) Maine residents.
Nature
On December 6, 2021, JMA discovered that they were the victim of a sophisticated ransomware attack that resulted in encryption and unauthorized access to their network. At that time, JMA took immediate steps to stop the threat and understand the full scope of the situation. This included hiring third- party forensic experts to conduct a thorough investigation and assist in the remediation efforts. On January 14, 2022, JMA concluded its initial investigation and found that the unauthorized individual gained access to its systems via a malicious software that remained hidden but has since been remediated.
At that time, JMA began a comprehensive search of the data to determine what information was involved and the individuals the incident impacted. JMA recently concluded its review and determined that the incident involved personal information related to Maine residents. However, as of now, there is no evidence indicating identity theft or financial harm involving any of the information. On February 17, 2022, JMA confirmed the most recent contact information of these individuals.
This information may have included, but not be limited to, names, addresses, phone numbers, social security numbers, tax ID numbers, banking and other financial information (but to our knowledge, not security access information related to banking information).
Notice and JMA’s Response to the Event
On February 23, 2022, JMA will mail a written notification to the potentially affected Vermont residents, pursuant to pursuant to pursuant to 9 V.S.A § 2435, in a substantially similar form as the enclosed letter (attached as Exhibit A).
Additionally, JMA is providing these potentially impacted individuals the following:
Guidance on ways to protect against identity theft and fraud, including steps to report any suspected activities or events of identity theft or fraud to their credit card company and/or bank.
The appropriate contact information for the consumer reporting agencies along with information on how to obtain a free credit report and place a fraud alert and security freeze on their
credit file;
A reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports; and
Encouragement to contact the Federal Trade Commission and law enforcement to report attempted or actual identity theft and fraud.
Further, JMA provided the notice to the three national credit reporting agencies along with the applicable government regulators, officials, and other Attorneys General (as necessary).
Finally, JMA is working to implement any necessary additional safeguards, enhance and improve its policies and procedures related to data protection, improve its cybersecurity infrastructure, and further train its employees on best practices to minimize the likelihood of this type of incident occurring again.
See more »
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Console and Associates, P.C. | Attorney Advertising
Refine your interests »
This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.
Back to Top
Explore 2021 Readers’ Choice Awards
Copyright © JD Supra, LLC