Human resources third-party vendor Empathia announced a potential data breach affecting its employee assistance program (EAP).
Private information on the servers of the Wisconsin-based company including full names, addresses, phone number, and social security numbers belonging to employees and customers of Empathia's clients may have been accessed. The human resources services firm discovered “spam files” files on a company server in late January, according to a notification letter filed with the California attorney general's office, though it appears customers were not notified until last Friday.
The company was “not aware of any actual or attempted misuse” of customer information. The letter claimed that there is “no indication the unauthorized access was for any purpose other than using our servers to spread spam emails.
Empathia's other services include disaster mitigation, organizational development, and a crisis response unit. The Black Swan Solutions crisis response unit helps client companies “rapidly communicate with stakeholders, demonstrate compassion for victims, and protect reputations” in urgent situations such as data breaches and mass casualty events.