Skip to main content
Computer

Compex Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is investigating the recently announced Compex data breach on behalf of California plaintiffs. Contact our data breach lawyers to learn more about the data security incident and to consider taking legal action. Our legal team is currently filing numerous class-action data privacy complaints on behalf of individuals nationwide. Call now for a free and confidential consultation.

UPDATE: According to Attorneys General postings, as many as 28,000 individuals may have had their data compromised in this data theft incident. Letters sent to those impacted  say that on April 17, 2024, Compex discovered suspicious activity on its IT network and later concluded that  unauthorized access began on April 9, 2024. They say “certain files” were acquired by an unknown actor.

What Happened at Compex Legal Services?

On July 24, 2024, Compex Legal Services Inc. filed a notice of data breach with the Attorney General of California after discovering that its computer network was accessed by an unauthorized source. In their notice, Compex explains that the data security incident resulted in an unauthorized party being able to access consumers’ sensitive information, which included Social Security numbers, health insurance information, and other sensitive data. The data was allegedly obtained by unauthorized users who accessed the network between April 9, 2024, and April 17, 2024.

After an initial investigation, Compex started sending out data breach notification letters to individuals whose information was impacted. If you receive a data breach notification from Compex Legal Services Inc. or another entity with connections to Compex, it is important to understand the risks of identity theft and fraud associated with data breach events.

Based in Torrance, California, Compex serves more than 500 insurance companies and 4,000 law firms. The company provides record retrieval and litigation support services to insurance carriers, third-party administrators, and law offices.

What Personal Data was Compromised?

According to a notice posted on the company’s website, the following personally identifiable information (PII) may have been compromised:

  • First and Last Name
  • Date of Birth
  • Social Security Number
  • Medical Record Number
  • Medical Diagnosis
  • Treatment Information
  • Health Insurance Information

Both PII and Protected Health Information (PHI) are protected under state and federal law. Health care providers and businesses like Compex, which may collect and store PHI, are required to protect that information to the best of their ability. If a company fails to protect this data, and it is breached by criminals, they may be held liable if they did not build and maintain reasonably secure IT systems.

California offers robust protections and legal rights to its residents through the California Consumer Privacy Act (CCPA). Contact our data privacy lawyers to learn more about your legal options. The Lyon Firm’s data breach attorneys are involved in numerous data theft cases, and we represent clients in all fifty states.