In August 2024, PRC-Saltillo, a company specializing in assistive communication devices, suffered a **targeted cyberattack** that compromised its computer systems. The breach exposed highly sensitive personal and medical data of individuals, including **names, addresses, phone numbers, dates of birth, medical and insurance details, and in some cases, Social Security numbers**. The incident led to a **$632,250 class action settlement**, with affected individuals eligible for reimbursement of up to $5,000 for out-of-pocket losses (e.g., fraud, identity theft, credit monitoring, legal fees) and a pro rata share of remaining funds. Minors impacted received automatic **eight-year identity monitoring**. The lawsuit alleged negligence in safeguarding data, though PRC-Saltillo denied wrongdoing. The breach’s scope—affecting medical and personally identifiable information (PII)—poses long-term risks of identity theft, financial fraud, and reputational harm to victims.
Source: https://www.claimdepot.com/settlements/prc-settlement
PRC-Saltillo cybersecurity rating report: https://www.rankiteo.com/company/prc-saltillo
"id": "PRC3503235111325",
"linkid": "prc-saltillo",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'All individuals (and minors) '
'notified of the breach; exact '
'number unspecified',
'industry': 'Medical Devices / Assistive Technology',
'name': 'Prentke Romich Company (dba PRC-Saltillo)',
'type': 'Private Company'}],
'attack_vector': 'Targeted Cyberattack',
'customer_advisories': 'Eligible individuals can claim reimbursement for '
'out-of-pocket losses (up to $5,000) and a pro rata '
'cash payment. Minors receive 8 years of identity '
'monitoring (Minor Defense Pro).',
'data_breach': {'data_exfiltration': 'Yes (implied by exposure of data)',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Dates of birth',
'Social Security '
'numbers (partial)'],
'sensitivity_of_data': 'High (includes SSNs, medical, and '
'insurance data)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Medical records',
'Insurance details']},
'date_detected': '2024-08',
'description': 'A targeted cyberattack on Prentke Romich Co. (dba '
'PRC-Saltillo) in August 2024 exposed sensitive personal and '
'medical information, including names, addresses, phone '
'numbers, dates of birth, medical and insurance details, and '
'Social Security numbers in some cases. The company agreed to '
'a $632,250 class action settlement to resolve allegations of '
'negligence, though it denies wrongdoing.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive data and class '
'action lawsuit',
'data_compromised': ['Names',
'Addresses',
'Phone numbers',
'Dates of birth',
'Medical details',
'Insurance details',
'Social Security numbers (in some cases)'],
'financial_loss': '$632,250 (settlement fund)',
'identity_theft_risk': 'High (due to exposure of PII, including '
'SSNs)',
'legal_liabilities': "$632,250 settlement (including attorneys' "
'fees, expenses, and class member payments)',
'systems_affected': ['Computer systems']},
'investigation_status': 'Settled (class action lawsuit resolved)',
'references': [{'source': 'PRC-Saltillo Data Breach Settlement Website'},
{'source': 'Class Action Settlement Notice (August 2024 '
'Breach)'}],
'regulatory_compliance': {'legal_actions': 'Class action lawsuit settled for '
'$632,250'},
'response': {'communication_strategy': 'Settlement notices sent to affected '
'individuals; online and mail-in claim '
'options provided'},
'stakeholder_advisories': 'Settlement notices sent to affected individuals; '
'claim submission instructions provided',
'title': 'PRC-Saltillo Data Breach (August 2024)',
'type': ['Data Breach', 'Class Action Lawsuit']}