One of the state’s largest private ambulance businesses is possibly facing a major class action lawsuit for failing to warn over 318,000 clients of the theft of their personal information for months.
Empress Ambulance Services allegedly downplayed the hack by Hive Gang, a notorious ransomware group, by telling its customers that only a “small subset of files” had been stolen, despite knowing that at least 100,000 social security numbers and medical records had been compromised, according to a lawsuit filed Tuesday in Manhattan federal court.
According to the complaint, the breach happened in late May, but the corporation did not notice it until July 14 and did not notify victims until September 9.
Empress allegedly did not inform its clients that the Hive Gang was responsible for the hack, despite receiving boastful emails from the criminal organization. According to the FBI, the Hive Gang became active in June 2021 and has since received over $100 million in ransom payments from 1,300 companies worldwide.
Empress Ambulance Services apparently did not inform its customers that the Hive Gang was responsible for the data breach.
According to the complaint, the hacking group wrote to Empress, “We penetrated your network and stayed there for 12 days (enough time to study all your documentation and acquire access to your files and services), encrypted your servers, and downloaded over 280 GB of your most sensitive data.”
According to the complaint, the hacker gang posted Empress on their website on the dark web immediately after the data theft. Since then, it has been discovered that stolen files from the ambulance service are accessible for download on the dark web.
Shortly after the data theft, the hacking gang posted Empress Ambulance Services on their website on the dark web.
The case is one of at least four distinct petitions seeking secret damages against Empress.
The Empress did not reply to requests for comment.
»New York Ambulance Service reportedly minimized the Hive Gang hack of 300,000 members«