Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

Share this article:

About 1,700 people in the employee wellness program for Virginia-based Dominion Resources are being notified that their personal information was accessed by an attacker who gained entry to the systems of a subcontractor, Onsite Health Diagnostics.

How many victims? About 1,700. 

What type of personal information? Names, addresses, email addresses, phone numbers, genders, and dates of birth. Encrypted passwords for an Onsite Health Diagnostics system were also accessed.

What happened? An attacker accessed the systems of Onsite Health Diagnostics, which contained the information.

What was the response? Dominion Resources has notified impacted individuals, advised them to change their usernames and passwords, and offered them a free year of credit monitoring services. Dominion Resources is no longer using Onsite Health Diagnostics for scheduling.

Details: The breach occurred on March 25, but was not immediately discovered. Onsite Health Diagnostics notified StayWell Health Management, the employee wellness program vendor, on June 16. Dominion Resources was notified on June 24. The identities of impacted individuals were learned on July 7. The information related to Dominion Resources employees, as well as their spouses and domestic partners, who scheduled a health-screening appointment online.

Quote: “We are taking this matter seriously and are conducting a thorough review of all of these types of vendors,” C. Ryan Frazier, a Dominion Resources spokesperson, said.

Source: timesdispatch.com, Richmond Times-Dispatch, “Personal information of 1,700 in Dominion Resources' employee wellness plan hacked,” July 15, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

POLL

More in The Data Breach Blog

Florida medical center hit with breach for third time in two years

Aventura Hospital and Medical Center has reported a data breach for the third time in two years.

Tampa General Hospital breach impacts hundreds of patients

Tampa General Hospital is notifying 675 patients that their personal information may have been accessed, without authorization, by a former employee.

George Mason University travel system targeted for malware attack

The incident could have exposed the names and Social Security numbers of users, although no evidence has surfaced to suggest that's the case.