Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

Share this article:

About 1,700 people in the employee wellness program for Virginia-based Dominion Resources are being notified that their personal information was accessed by an attacker who gained entry to the systems of a subcontractor, Onsite Health Diagnostics.

How many victims? About 1,700. 

What type of personal information? Names, addresses, email addresses, phone numbers, genders, and dates of birth. Encrypted passwords for an Onsite Health Diagnostics system were also accessed.

What happened? An attacker accessed the systems of Onsite Health Diagnostics, which contained the information.

What was the response? Dominion Resources has notified impacted individuals, advised them to change their usernames and passwords, and offered them a free year of credit monitoring services. Dominion Resources is no longer using Onsite Health Diagnostics for scheduling.

Details: The breach occurred on March 25, but was not immediately discovered. Onsite Health Diagnostics notified StayWell Health Management, the employee wellness program vendor, on June 16. Dominion Resources was notified on June 24. The identities of impacted individuals were learned on July 7. The information related to Dominion Resources employees, as well as their spouses and domestic partners, who scheduled a health-screening appointment online.

Quote: “We are taking this matter seriously and are conducting a thorough review of all of these types of vendors,” C. Ryan Frazier, a Dominion Resources spokesperson, said.

Source: timesdispatch.com, Richmond Times-Dispatch, “Personal information of 1,700 in Dominion Resources' employee wellness plan hacked,” July 15, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

RECENT COMMENTS

FOLLOW US

More in The Data Breach Blog

Malware on Breyer Horses website for about 18 months, payment card data ...

Malware installed on the computer server hosting the Breyer Horses website may have compromised personal information for people who made purchases between March 31, 2013 and Oct. 6.

Transcript website flaw exposed personal data on 98k users

NeedMyTranscripts.com expose users' names, addresses and dates of birth, among other information, due to a site flaw that one user discovered.

Sourcebooks payment card breach impacts more than 5,000 customers

More than 5,000 customers had personal information stolen, but roughly 9,000 notification letters were sent out as a precautionary measure.