In April 2024, Octapharma Plasma Inc. experienced a data breach due to alleged inadequate cybersecurity measures, resulting in unauthorized access to sensitive personal information of consumers. The compromised data included names, dates of birth, Social Security numbers, health data, and donor eligibility information. The breach exposed affected individuals to risks of identity theft, fraud, and financial harm. Octapharma agreed to a $2.55 million class action settlement to resolve claims, offering affected individuals up to $5,050 in compensation for documented losses, a flat cash payment (estimated at $100), and three years of credit monitoring. California residents were eligible for an additional $50 statutory payment. The settlement aimed to mitigate the fallout from the breach, though the company denied wrongdoing.
Source: https://www.claimdepot.com/settlements/opi-data-settlement
TPRM report: https://www.rankiteo.com/company/octapharma-plasma-inc.
"id": "oct0732507091625",
"linkid": "octapharma-plasma-inc.",
"type": "Breach",
"date": "4/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Class members (U.S. residents '
'notified of breach; exact '
'number unspecified)',
'industry': 'Healthcare (Plasma Donation)',
'location': 'United States',
'name': 'Octapharma Plasma Inc.',
'type': 'Corporation'}],
'customer_advisories': 'Eligible individuals can file claims for compensation '
'(documented losses, flat payment, or credit '
'monitoring) by Nov 14, 2025',
'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Social Security '
'numbers',
'Health data',
'Donor eligibility '
'information'],
'sensitivity_of_data': 'High (SSNs, health data, donor '
'eligibility)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2024-04',
'description': 'Octapharma Plasma Inc. experienced a data breach in April '
'2024, resulting in unauthorized access to sensitive personal '
'information, including names, dates of birth, Social Security '
'numbers, health data, and donor eligibility information. The '
'company agreed to a $2.55 million settlement to resolve a '
'class action lawsuit alleging inadequate cybersecurity '
'measures.',
'impact': {'brand_reputation_impact': 'Significant (settlement and public '
'disclosure)',
'customer_complaints': 'Class action lawsuit filed',
'data_compromised': ['Names',
'Dates of birth',
'Social Security numbers',
'Health data',
'Donor eligibility information'],
'financial_loss': {'attorneys_fees': 'Up to $849,915',
'credit_monitoring_costs': 'Dependent on valid '
'claims',
'individual_claims': {'california_statutory_payment': '$50 '
'(for '
'CA '
'residents '
'as '
'of '
'2024-04-17)',
'documented_losses': 'Up '
'to '
'$5,000',
'flat_cash_payment': 'Estimated '
'$100 '
'(adjustable)'},
'service_awards': 'Up to $2,500 each (class '
'representatives)',
'settlement_fund': '$2,550,000'},
'identity_theft_risk': 'High (PII and health data exposed)',
'legal_liabilities': '$2.55 million settlement'},
'investigation_status': 'Settled (class action lawsuit resolved)',
'post_incident_analysis': {'corrective_actions': 'Settlement agreement (no '
'technical details provided)',
'root_causes': 'Alleged inadequate cybersecurity '
'measures'},
'references': [{'source': 'Class Action Settlement Notice (Woodall v. '
'Octapharma Plasma Inc.)'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
'$2.55M'},
'response': {'communication_strategy': 'Notice sent to affected individuals; '
'class action settlement process',
'recovery_measures': 'Settlement fund for affected individuals '
'($2.55M)'},
'stakeholder_advisories': 'Notice sent to affected individuals; settlement '
'claims process ongoing',
'title': 'Octapharma Plasma Inc. Data Breach (April 2024)',
'type': 'Data Breach'}