OneBlood Inc. experienced a **data breach** between **July 14–29, 2024**, where an unauthorized third party accessed or potentially accessed **private information of current/former employees and blood donors**. The exposed data led to a **class action lawsuit**, alleging OneBlood failed to adequately protect sensitive information. The company agreed to a **$1 million settlement**, offering affected individuals up to **$2,500 for documented losses** (e.g., fraud-related bank fees, credit monitoring costs, legal fees) or a **flat $60 payment** for undocumented claims. The breach triggered financial and reputational harm, with victims facing risks of identity theft, fraud, and privacy violations. OneBlood denied negligence but settled to avoid prolonged litigation. The incident underscores vulnerabilities in handling **employee and donor data**, with long-term trust and operational impacts.
Source: https://www.claimdepot.com/settlements/oneblood-data-settlement
TPRM report: https://www.rankiteo.com/company/oneblood
"id": "one3893538092225",
"linkid": "oneblood",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Current and former employees '
'and donors (exact number '
'unspecified)',
'industry': 'Healthcare (Blood donation services)',
'location': 'United States',
'name': 'OneBlood Inc.',
'type': 'Non-profit organization'}],
'customer_advisories': {'claim_process': ['Submit claim form online or by '
'mail',
'Deadline: December 4, 2025',
'Required: Class Member ID from '
'settlement notice',
'Documentation required for losses '
'over $60'],
'eligibility_criteria': ['Individuals whose private '
'information was compromised '
'between July 14–29, 2024',
'Recipients of written '
'notification from OneBlood'],
'payout_timeline': 'Approximately 90 days after final '
'court approval (expected Dec 9, '
'2025)'},
'data_breach': {'data_exfiltration': 'Accessed or potentially accessed',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes personally '
'identifiable information)',
'type_of_data_compromised': 'Private information (specific '
'types unspecified, likely PII)'},
'date_detected': '2024-07-14',
'description': 'An unauthorized third party accessed or potentially accessed '
'private information of certain OneBlood employees and donors '
'between July 14 and July 29, 2024. The breach led to a class '
'action lawsuit, resulting in a $1 million settlement fund for '
'affected individuals. OneBlood denied allegations of '
'inadequate protection but settled to avoid litigation costs.',
'impact': {'brand_reputation_impact': True,
'customer_complaints': True,
'data_compromised': True,
'financial_loss': {'administration_costs': 'To be determined',
'attorneys_fees': 'Up to $450,000',
'claim_payouts': {'alternate_cash': '$60 per '
'claimant',
'documented_losses': 'Up to '
'$2,500 '
'per '
'claimant'},
'service_awards': 'Up to $1,500 per named '
'plaintiff',
'settlement_fund': '$1,000,000'},
'identity_theft_risk': True,
'legal_liabilities': {'class_action_lawsuit': True,
'settlement_agreement': True}},
'investigation_status': 'Settled (class action lawsuit resolved with $1M '
'fund)',
'post_incident_analysis': {'corrective_actions': {'financial_compensation_for_affected_individuals': True,
'settlement_agreement': True}},
'references': [{'source': 'Class Action Settlement Notice (Newberry v. '
'OneBlood, Inc.)'},
{'source': 'Settlement Administrator (Kroll Settlement '
'Administration LLC)'}],
'regulatory_compliance': {'legal_actions': {'class_action_lawsuit': True,
'settlement_agreement': True}},
'response': {'communication_strategy': {'settlement_claim_process': {'deadline': '2025-12-04',
'mail_in_pdf_form': True,
'online_claim_form': True,
'payout_options': ['electronic '
'payment',
'paper '
'check']},
'written_notifications': True}},
'stakeholder_advisories': {'settlement_claim_instructions': True,
'written_notifications_to_affected_individuals': True},
'threat_actor': 'Unauthorized third party',
'title': 'OneBlood Data Breach (July 2024)',
'type': 'Data Breach'}