About 1,700 people in the employee wellness program for Virginia-based Dominion Resources are being notified that their personal information was accessed by an attacker who gained entry to the systems of a subcontractor, Onsite Health Diagnostics.
How many victims? About 1,700.
What type of personal information? Names, addresses, email addresses, phone numbers, genders, and dates of birth. Encrypted passwords for an Onsite Health Diagnostics system were also accessed.
What happened? An attacker accessed the systems of Onsite Health Diagnostics, which contained the information.
What was the response? Dominion Resources has notified impacted individuals, advised them to change their usernames and passwords, and offered them a free year of credit monitoring services. Dominion Resources is no longer using Onsite Health Diagnostics for scheduling.
Details: The breach occurred on March 25, but was not immediately discovered. Onsite Health Diagnostics notified StayWell Health Management, the employee wellness program vendor, on June 16. Dominion Resources was notified on June 24. The identities of impacted individuals were learned on July 7. The information related to Dominion Resources employees, as well as their spouses and domestic partners, who scheduled a health-screening appointment online.
Quote: “We are taking this matter seriously and are conducting a thorough review of all of these types of vendors,” C. Ryan Frazier, a Dominion Resources spokesperson, said.
Source: timesdispatch.com, Richmond Times-Dispatch, “Personal information of 1,700 in Dominion Resources' employee wellness plan hacked,” July 15, 2014.