COLUMBUS, Ohio — According to a federal class action lawsuit filed this month, it's estimated there were more than 3 million victims of the CareSource cyberattack. Information such as social security numbers and member IDs were stolen by a Russia-based ransomware gang.
The attack, according to CareSource, happened in May and the victims affected are just finding out this week. Victims like Michelle Hutchinson, who has already had her identity stolen once before.
Earlier this week when she made a phone call to enroll in the free identity theft and credit monitoring program offered through CareSource, she hit a roadblock. She failed the test of questions to prove her identity.
She doesn’t know why, but said she assumed it’s because her identity was stolen in 2017. She has been working for years to figure out how that happened. She did discover, through the Franklin County Auditor’s Office, that her social security number is tied to several properties, but only one belongs to her.
She said getting to the bottom of what happened in 2017 has been an exhausting experience and it’s frustrating that it is impacting her now, with trying to enroll in a free program in the wake of the CareSource cyber-attack.
“I don't know what to say. I've called the right agencies, but they say they'll call you back and you don't get a callback or you email and you don't get an email response so you end up just being stuck,” Hutchinson said.
Hutchinson said she has followed every step possible by filling out identity theft paperwork with the FTC and she has contacted the Consumer Financial Protection Bureau and the IRS. She has also reached out to all three credit agencies to see where her information might be on file incorrectly. Still, she is getting nowhere.
And now this week, she got the letter about the CareSource hack. Her sensitive information was compromised again. And because of that, she had trouble signing up for the free monitoring program.
She said it can take a long time to recover from identity theft, and it can impact future cases your information is involved in.
Hutchinson said there is some good news. A representative from the monitoring program offered by CareSource eventually helped her enroll.
For her, the bottom line is that she wants to see CareSource do more to respond than by offering a free monitoring program.
“It just doesn't do much. They don't really correct anything. They might monitor it for more hits on my credit that are not correct but I don't think they really fix anything,” she said.
In a statement to 10TV, a CareSource spokesperson said in part "CareSource quickly took steps to support its members impacted by this global security event by retaining a leading cyber security firm, providing complimentary credit and identity monitoring, fraud consultation and identify theft restoration, and training teams."
In a federal class action lawsuit filed earlier this month, CareSource is accused of not having industry standards for cyber security protection. CareSource has not yet filed a response.
To read more from CareSource about the cyberattack, click here.