USAA Data Breach

NOTICE: If you received a NOTICE OF DATA BREACH letter from USAA, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Between August 28 and August 29, 2024, the United Services Automobile Association (“USAA”) reported a cybersecurity incident (“Data Breach”) to the Attorney General Offices in Maine and California. USAA disclosed that on April 30, 2024, it detected a system error that resulted in an inadvertent exposure of certain information to another member’s online account. A subsequent investigation concluded on July 31, 2024, confirmed the unauthorized disclosure of sensitive information belonging to certain USAA members.

On August 27, 2024, USAA began sending out data breach notification letters to those affected by the Data Breach. Each notification letter includes an offer for a complimentary membership to Experian IdentityWorksSM, a service that provides identity monitoring.

According to USAA’s report to the Attorney General of Maine, approximately 32,276 individuals were impacted by the Data Breach. As the Data Breach was only recently announced, USAA has not yet disclosed additional details. If you received a data breach notification letter from USAA, it indicates that you were affected by the Data Breach.

Headquartered in San Antonio, Texas, USAA is a diversified financial services group that provides insurance, banking, investment, and retirement solutions primarily to members of the U.S. military, veterans, and their families. Founded in 1922, USAA has grown to serve over 13 million members. As of 2020, USAA reported revenues of approximately $35.6 billion with 36,000 employees.

WHAT INFORMATION IS INVOLVED?

The type of compromised information varied among individuals and potentially included:

  • Full names,
  • Addresses,
  • Email addresses,
  • Dates of birth,
  • Social Security numbers,
  • Driver’s license numbers,
  • Passport numbers,
  • Vehicle identification numbers,
  • Loan numbers,
  • Health information,
  • Property and casualty insurance policy information.

This information is referred to as your Personally Identifiable Information (“PII”). It provides critical details about you and is an integral part of your identity. Businesses are legally required to protect this information, or they risk incurring statutory penalties and other legal repercussions. When PII is stolen, it can be used by identity thieves to commit fraudulent activities using your identity.

The compromised information also includes your Protected Health Information (“PHI”), a specific type of PII. It is protected under both state and federal law. Healthcare providers and other businesses that handle PHI are required to protect that information. Like stolen PII, stolen PHI can be used by identity thieves to engage in fraudulent activity using your identity. Quite often, PII and PHI are used in conjunction by hackers.

The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible. California offers extra protections and legal rights to its residents through the California Consumer Privacy Act (“CCPA”).

NOTICE: If you received a NOTICE OF DATA BREACH letter from USAA, contact the Arnold Law Firm at (916) 777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.