Massive MCNA Data Breach Affects 8.9 Million Clients Including Texas But Nothing on It’s Texas Website

MCNA has been making the news the last few days because it placed a notice on its website May 26 as well as sent letters to several state Attorney Generals that it was hacked back in February and that the hacker group involved stole the personal data of some 8.9 million clients.

Ransomware attack

According to news sources, the hacker group, LockBit, tried to ransom the data for $10 million but MCNA refused to pay.  So the group published some 700Gs of personal data on its website on April 7. The group stole the information from February 26 to March 7.  MCNA only became aware of the unauthorized hack on March 6.

Data stolen includes names, addresses, phone numbers, birth dates, Social Security numbers, driver’s license numbers, ID numbers, health insurance information, and information related to dental/orthodontic care.

Clients in Texas affected

We have seen news reports that MCNA informed the Attorney Generals of Florida and Maine but it is not known if the Texas Attorney General was notified.  We assume so as the notice on the MCNA main website goes to a webpage maintained by IDX, a consumer privacy platform that is a large provider of data breach response services, and lists the Texas Health and Human Services Commission as an affected party.

No notification on Texas website

However, there is no notification on the MCNA Texas website to notify Texas clients their personal data may have been stolen.

Really late notification

It’s late May.  The breach occurred on April 7.  One has to wonder why the delayed notification.

MCNA serves more than five million children and adults through its programs.

The personal information of nine million stolen. Ouch.

One Response

  • If your readers want to prevent the inevitable fraud from misuse of their insurance credentials, we’e here to help
    Jeff Leston

Leave a Reply

Your email address will not be published. Required fields are marked *