Skip to content




A class action lawsuit is a legal proceeding initiated by one or more individuals, known as class representatives, on behalf of a larger group, or class, of individuals who have suffered similar harm or damages. These lawsuits consolidate numerous claims into a single case, streamlining the legal process and ensuring that individuals with relatively small claims have a voice in seeking redress.

Class actions provide a mechanism for individuals with relatively small claims to pursue legal action against powerful corporations or entities, leveling the playing field and ensuring that all affected individuals have access to justice. Class action lawsuits also have an important deterrent effect on corporate misconduct by imposing significant financial consequences on wrongdoers and holding them accountable for their actions.

You do not waive your legal rights if you enroll in complimentary identity protection services offered by the company that failed to protect your information from a data breach. You can both participate in a class action and take advantage of the offered credit monitoring or identity protection services?

There is absolutely no cost to you for participating in a class action lawsuit. All litigation costs are covered by the attorneys representing you. Any attorneys’ fees for class counsel will be paid by the defendant in the amount awarded by the court.

  • Confirm the Breach: Ensure that the data breach is legitimate by verifying the information through credible sources such as the affected company’s official website, news reports, or notifications from relevant authorities.
  • Change Your Passwords: If your login credentials were compromised, change your passwords for the affected accounts immediately. Use strong, unique passwords for each account and consider using a reputable password manager to securely store and manage your passwords.
  • Monitor Your Accounts: Keep a close eye on your bank accounts, credit card statements, and other financial accounts for any unauthorized transactions or suspicious activity. Report any suspicious activity to your financial institution promptly.
  • Consider Freezing Your Credit: To prevent identity thieves from opening new accounts in your name, consider placing a freeze on your credit reports with the major credit bureaus (Equifax, Experian, and TransUnion). This will restrict access to your credit reports and make it harder for unauthorized individuals to open new lines of credit in your name.
  • Monitor Your Credit Reports: Regularly monitor your credit reports for any unfamiliar accounts, inquiries, or other suspicious activity. You’re entitled to a free copy of your credit report from each of the three major credit bureaus once a year through
  • Be Vigilant for Phishing Attempts: Be cautious of unsolicited emails, text messages, or phone calls claiming to be from the affected company or other entities related to the breach. Avoid clicking on links or downloading attachments from suspicious sources, as they may be phishing attempts aimed at stealing your personal information.
  • Consider Identity Theft Protection Services: Depending on the severity of the breach and the information exposed, you may consider enrolling in identity theft protection services offered by reputable companies. These services can provide additional monitoring, alerts, and assistance in resolving identity theft-related issues.
  • Seek Legal Advice: If you believe you have suffered financial losses or other damages as a result of the data breach, consider consulting with a qualified attorney who specializes in data privacy and consumer protection law. An attorney can advise you on your legal rights and options for seeking compensation or redress.
  • Report the Breach: If the breach involves sensitive personal information such as Social Security numbers or financial data, consider reporting it to relevant authorities, such as the Federal Trade Commission (FTC) or your state’s attorney general’s office. Reporting the breach can help authorities investigate the incident and take appropriate action.

Sample Breach Notification Letters


Academy Mortgage Data Breach Sample Notification Letter (downloadable PDF)

Academy Mortgage Corporation
c/o Cyberscout
PO Box 1286
Dearborn, MI 48120-9998
Via First-Class Mail

December 20, 2023

Notice of Data Security Incident

Dear ,

You are receiving this letter because you are a current or former employee of Academy Mortgage Corporation (Academy). We are writing to inform you of an incident that may have exposed your personal information. We take the privacy of your personal information seriously and want to provide you with information and resources you can use to protect information.

What Happened and What Information was Involved:

On March 21, 2023, we detected and stopped a network security incident, in which an unauthorized third party accessed and disabled some of our systems. We immediately engaged third-party forensic specialists to assist us with securing the network environment and investigating the extent of any unauthorized activity. Our investigation, which concluded November 28, 2023, determined an unauthorized third party may have accessed certain individual personal information during this incident.

We found no evidence that your information has been specifically misused; however, it is possible that the following personal information could have been accessed by an unauthorized third party: first and last name, date of birth, and Social Security number. This information was maintained on our system for standard payroll and organizational purposes.

To date, we have not received information of a specific misuse of personal information.

What We Are Doing:

Data security is one of our highest priorities. Upon detecting this incident we moved quickly to initiate a response, which included conducting an investigation with the assistance of IT specialists and confirming the security of our network environment. We also notified law enforcement. We have wiped and rebuilt affected systems and have taken steps to bolster our network security. We are also reviewing and altering our policies, procedures, and network security software relating to the security of our systems.

We are offering Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services at no charge. These services provide you with alerts for twelve months from the date of enrollment when changes occur to your credit file. This notification is sent to you the same day that the change or update takes place with the bureau. Finally, we are providing you with proactive fraud assistance to help with any questions that you might have or in event that you become a victim of fraud. These services will be provided by Cyberscout through Identity Force, a TransUnion company specializing in fraud assistance and remediation services.

What You Can Do:

To enroll in Credit Monitoring services at no charge, please log on to and follow the instructions provided. When prompted please provide the following unique code to receive services: UYJHYTQ4SE. Please note you must enroll within 90 days of the date of this letter.

Enclosed you will find additional information regarding the resources available to you, and the steps that you can take to further protect your personal information.

For More Information:

We recognize that you may have questions not addressed in this letter. If you have additional questions, please call 1-833-519-0431, Monday through Friday, 8:00 am to 8:00 pm EST. We encourage you to take full advantage of this service offering. Representatives have been fully versed on the incident and can answer questions or concerns you may have regarding protection of your personal information.

We value the security of the personal data that we maintain, and understand the frustration, concern, and inconvenience that this incident may have caused.


Academy Mortgage Corporation

Additional Information

Credit Reports: You may obtain a copy of your credit report, free of charge, whether or not you suspect any unauthorized activity on your account. You may obtain a free copy of your credit report from each of the three nationwide credit reporting agencies. To order your free credit report, please visit, or call toll-free at 1-877-322-8228. You can also order your annual free credit report by mailing a completed Annual Credit Report Request Form (available at to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281.

Security Freeze: You also have the right to place a security freeze on your credit report. A security freeze is intended to prevent credit, loans, and services from being approved in your name without your consent. To place a security freeze on your credit report, you need to make a request to each consumer reporting agency. You may make that request by certified mail, overnight mail, regular stamped mail, or by following the instructions found at the websites listed below. The following information must be included when requesting a security freeze (note that if you are requesting a credit report for your spouse or a minor under the age of 16, this information must be provided for him/her as well): (1) full name, with middle initial and any suffixes; (2) Social Security number; (3) date of birth; (4) current address and any previous addresses for the past five years; and (5) any applicable incident report or complaint with a law enforcement agency or the Registry of Motor Vehicles. The request must also include a copy of a government-issued identification card and a copy of a recent utility bill or bank or insurance statement. It is essential that each copy be legible, display your name and current mailing address, and the date of issue. As of September 21, 2018, it is free to place, lift, or remove a security freeze. You may also place a security freeze for children under the age of 16. You may obtain a free security freeze by contacting any one or more of the following national consumer reporting agencies:

Equifax Security Freeze
P.O. Box 105788
Atlanta, GA 30348

Experian Security Freeze
P.O. Box 9554
Allen, TX 75013

TransUnion Security Freeze
P.O. Box 160
Woodlyn, PA 19094

Fraud Alerts: You can place fraud alerts with the three credit bureaus by phone and online with:
Equifax (;
TransUnion (; or
Experian (

A fraud alert tells creditors to follow certain procedures, including contacting you, before they open any new accounts or change your existing accounts. For that reason, placing a fraud alert can protect you, but also may delay you when you seek to obtain credit. As of September 21, 2018, initial fraud alerts last for one year. Victims of identity theft can also get an extended fraud alert for seven years. The phone numbers for all three credit bureaus are at listed above.

Monitoring: You should always remain vigilant and monitor your accounts for suspicious or unusual activity.

File Police Report: You have the right to file or obtain a police report if you experience identity fraud. Please note that in order to file a crime report or incident report with law enforcement for identity theft, you will likely need to provide proof that you have been a victim. A police report is often required to dispute fraudulent items. You can generally report suspected incidents of identity theft to local law enforcement or to the Attorney General.

FTC and Attorneys General: You can further educate yourself regarding identity theft, fraud alerts, security freezes, and the steps you can take to protect yourself, by contacting the consumer reporting agencies, the Federal Trade Commission, or your state Attorney General.

The Federal Trade Commission can be reached at: 600 Pennsylvania Avenue NW, Washington, DC 20580,, 1-877-ID-THEFT (1-877-438-4338), TTY: 1-866-653-4261. The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that in order to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement. This notice has not been delayed by law enforcement.

For Maryland residents, the Attorney General can be contacted at 200 St. Paul Place, 16th Floor, Baltimore, MD 21202, 1-888-743-0023, and

For New Mexico residents, you have rights pursuant to the Fair Credit Reporting Act, such as the right to be told if information in your credit file has been used against you, the right to know what is in your credit file, the right to ask for your credit score, and the right to dispute incomplete or inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information; consumer reporting agencies may not report outdated negative information; access to your file is limited; you must give your consent for credit reports to be provided to employers; you may limit prescreened offers of credit and insurance you get based on information in your credit report; and you may seek damages from violators. You may have additional rights under the Fair Credit Reporting Act not summarized here. Identity theft victims and active duty military personnel have specific additional rights pursuant to the Fair Credit Reporting Act. We encourage you to review your rights pursuant to the Fair Credit Reporting Act by visiting or by writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600 Pennsylvania Ave. N.W., Washington, D.C. 20580.

For North Carolina residents, the Attorney General can be contacted at 9001 Mail Service Center, Raleigh, NC 27699-9001, 1-877-566-7226 or 1-919-716-6400, and

For New York residents, the Attorney General may be contacted at Office of the Attorney General, The Capitol, Albany, NY 12224-0341, 1-800-771-7755, and

For Rhode Island residents, the Rhode Island Attorney General can be reached at 150 South Main Street, Providence, Rhode Island 02903,, and 1-401-274-4400. Under Rhode Island law, you have the right to obtain any police report filed in regard to this incident.

Ashford Data Breach Sample Notification Letter (downloadable PDF)

Enrollment Code: <>

P.O. Box 989728 To Enroll, Scan the QR Code Below: West Sacramento, CA 95798-9728

<> <> <> <> <>, <> <> Or Visit:

January 19, 2024


Dear <> <>:

Ashford, Inc. and its subsidiary, <> (collectively, “Ashford”) are contacting you to notify you of an incident suffered by Ashford, Inc. that affects some of your personal information. We take the security of information in our care seriously, and are providing you with this notice to make you aware of the incident, the steps we are taking in response, and steps you may take to help protect your personal information, should you feel it is appropriate to do so.

What Happened? On September 20, 2023, Ashford became aware of suspicious activity on our computer network. Following this, we immediately commenced an investigation with the assistance of computer forensic specialists to secure our systems and determine the nature and scope of the incident. Our investigation determined that an unknown and unauthorized actor accessed certain systems in our environment on September 7, 2023, and accessed and acquired certain files stored on these systems during this time. Ashford then undertook a detailed and time-consuming review of the files to determine what data was contained within the files and to whom that data relates. On or about November 8, 2023, this review concluded, and we determined that information related to you was present within the affected files. Since then, we have worked to locate necessary address information in order to provide an accurate notice. We have no evidence of any fraudulent misuse of your information in connection with this incident.

What Information Was Involved? The following types of your information were present in the affected files: your name and <>. To date, we are unaware of any actual misuse of this information as a result of the event. If information of your dependent(s) was impacted, we are sending you a separate letter for each dependent.

What We Are Doing. Upon discovering this incident, we took immediate steps to further secure our environment and conducted a thorough investigation of the incident. We have also implemented additional safeguards to increase our security posture. We have notified federal law enforcement and other regulators as required. As an added precaution, we are offering you complimentary access to 24 months of credit monitoring services, through IDX, a ZeroFox company. You will need to enroll yourself in these services if you wish to do so, as we are not able to activate them on your behalf. Please review the instructions contained in the attached Steps You Can Take to Protect Personal Information for additional detail on these services.

What You Can Do. Ashford encourages you to remain vigilant against incidents of identity theft and fraud, to review your account statements and monitor free credit reports for suspicious activity and to detect errors. We also encourage you to review the enclosed Steps You Can Take to Protect Personal Information and enroll in the credit monitoring services we are offering. In addition, we encourage you to promptly report any suspected incidents of identity theft to local law enforcement, the Federal Trade Commission, and/or your state Attorney General.