Morley Companies Resolves Class Action Data Breach Lawsuit

Morley Companies has decided to resolve a class action lawsuit sent in on behalf of persons impacted by a big data breach that happened on or about August 1, 2022. Funding of $4.3 million was made to pay for claims from people impacted by the security breach.

On or about August 1, 2021, business services provider Morley Companies based in Saginaw, MI encountered a cyberattack that enabled hackers to get access to portions of its system. Morley Companies stated the attack made its data systems inaccessible because the files were encrypted. The investigation confirmed that the hackers extracted files that contain protected health information (PHI).

Morley Companies mailed roughly 628,000 breach notification letters and reported the breach to the HHS’ Office for Civil Rights indicating that the PHI of 521,046 persons was affected. The breached data involved names, Social Security numbers, addresses, dates of birth, client ID numbers, medical diagnostic and treatment data, and medical insurance data. Morley Companies did not accept any liability for the attack and did not admit any wrongdoing, nevertheless, it opted to resolve the lawsuit to prevent increasing legal expenses and the potential for trial.

Based on the conditions of the settlement deal, class members may file a claim to get compensation of as much as $2,500 for recorded out-of-pocket expenditures that are sensibly traceable to the cyberattack and information breach. These can consist of unreimbursed deficits associated with fraud or identity theft, professional costs such as lawyers’ and accountants’ charges, costs for credit repair services, expenses related to freezing or unfreezing credit available in any credit reporting company, credit monitoring expenses accrued on or following August 1, 2021, and miscellaneous costs like notary, data charges, postage, fax, copying, cell phone expenses, mileage, and long-distance phone expenses (terms apply).

Class members may likewise get as much as four hours at $20 per hour of lost time. Citizens of California during the time of the breach are eligible to receive a $75 payment. Additionally, people who failed to earlier avail the credit and identity monitoring services offered by Morley Companies via IDX will be given a new offer and activation code good for 90 days to get 3-bureau credit monitoring for three years since the effectivity of the settlement. Class members will likewise get a membership to the Dashlane password management service for one year.

Class members can refuse or not include themselves in the settlement. Those who have claims may submit on March 20, 2023. The final acceptance hearing for the negotiation is on April 19, 2023.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at