SEIU 775 Benefits Group Data Breach Impacts 140,000 Individuals


Service Employees International Union 775 (SEIU 775) Benefits Group, a benefits administrator for home healthcare and nursing home staff, has been infiltrated by a hacking group who managed to remove a range of sensitive data.

An investigation, carried out by IT staff, discovered a variety of anomalies present on SEIU 775’s data systems at different points in time around April 4, 2021. This included the removal of certain data. Following this an external team of third-party cybersecurity experts and forensic consultants were contracted to lead a review into the malicious activity.

This review showed that the group’s databases had been hacked and the data of a number of unidentified people had been removed, including personally identifiable and protected health information. While information was taken from the databases, nothing was found to suggest that PII or PHI was viewed or stolen by the hackers and there have been no reported cases of misuse of data to date.

The range of data that may have been compromised during the data breach includes:

  • Names
  • Address details
  • Social Security info
  • Health plan eligibility details

Once the malicious activity was discovered, measures were swiftly implemented to stop additional unauthorized access and to contain the breach. External cybersecurity experts have been auditing system security and SEIU 775 is assisting the group’s consultants to further enhance its cybersecurity measures.

The HHS’ Office for Civil Rights has been informed that around 140,000 people were impacted in the breach. Those impacted have been offered free credit monitoring and identity theft protection/restoration services through Kroll for the next year.

In May, another benefits administrator was also impacted by a similar breach. The Florida vision and hearing benefits administrator 20/20 Hearing Care Network suffered a data deletion attack that impacted up to 3.3 million clients. This occurred when a cybercriminal was able to infiltrated and remove data held in an unsecured Amazon Web Services cloud storage bucket.