Unity Recovery Group client data improperly disclosed
Florida-based Unity Recovery Group is notifying clients and/or potential clients that their personal information was improperly disclosed to one or more recovery and/or rehabilitation service providers that are unaffiliated with Unity.
How many victims? Less than 1,000 individuals. Impacted individuals reside in several states, none of which include more than 500 affected individuals.
What type of personal information? Names, addresses, dates of birth, telephone numbers, Social Security numbers, email addresses, insurance information and certain health-related information.
What happened? Personal information was improperly disclosed to one or more recovery and/or rehabilitation services providers that are unaffiliated with Unity.
What was the response? Unity has implemented additional technological security measures, as well as additional training of employees to ensure compliance with Unity's policies. All potentially impacted individuals are being notified, and offered a free year of identity and credit protection services.
Details: Unity learned of the incident in April. The information was improperly disclosed between April 2014 and March.
Quote: “While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception,” according to a notification letter.
Source: doj.nh.gov, “Notice of Potential Security and Data Breach Involving Protected Information,” May 26, 2015.