Subcontractor breach impacts 1,700 in Dominion Resources employee wellness plan

Share this article:

About 1,700 people in the employee wellness program for Virginia-based Dominion Resources are being notified that their personal information was accessed by an attacker who gained entry to the systems of a subcontractor, Onsite Health Diagnostics.

How many victims? About 1,700. 

What type of personal information? Names, addresses, email addresses, phone numbers, genders, and dates of birth. Encrypted passwords for an Onsite Health Diagnostics system were also accessed.

What happened? An attacker accessed the systems of Onsite Health Diagnostics, which contained the information.

What was the response? Dominion Resources has notified impacted individuals, advised them to change their usernames and passwords, and offered them a free year of credit monitoring services. Dominion Resources is no longer using Onsite Health Diagnostics for scheduling.

Details: The breach occurred on March 25, but was not immediately discovered. Onsite Health Diagnostics notified StayWell Health Management, the employee wellness program vendor, on June 16. Dominion Resources was notified on June 24. The identities of impacted individuals were learned on July 7. The information related to Dominion Resources employees, as well as their spouses and domestic partners, who scheduled a health-screening appointment online.

Quote: “We are taking this matter seriously and are conducting a thorough review of all of these types of vendors,” C. Ryan Frazier, a Dominion Resources spokesperson, said.

Source:, Richmond Times-Dispatch, “Personal information of 1,700 in Dominion Resources' employee wellness plan hacked,” July 15, 2014.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters



More in The Data Breach Blog

About 60K transactions possibly affected in Cape May-Lewes Ferry breach

The security of card processing systems relating to food, beverage and retail sales at the Cape May-Lewes Ferry was compromised and payment card data may be at risk.

Arkansas State University-Beebe is investigating a potential breach

Arkansas State University-Beebe is notifying students and employees of a service running on one of its servers that could pose a potential breach to the system.

Unencrypted discs missing, Arizona State Retirement System notifies 44,000

Arizona State Retirement System notifies nearly 44,000 individuals enrolled in dental plans that two unencrypted discs containing their personal information are missing.