Waste Management Firm Employees PHI Compromised in Data Breach

Due to a a January 2021 cyberattack, USA Waste-Management Resources, LLC has begun getting in touch with a range of internal members of staff and their dependents, as well as those of certain former employees, to make them aware that its self-administered health plan has been impacted as part of the incident in question.

Waste-Management Resources has revealed that, on January 21, 2021, suspicious activity was identified on its internal databases. Due to this discovery, the group initiated an official review which included contracting the services of an external firm of computer forensics specialists. This investigation found that the IT systems of Waste-Management Resources had been illegally infiltrated by an unauthorized individual at some point in time between January 21 and January 23, 2021. It was during this infiltration that, it is believed, a range of specific files were accessed and stolen.

The in-depth inquest was conducted in order to ascertain if any of the stored files that had an impact on the compromised areas of the Waste-Management Resources databases included any private data.

This inquestm which came to an official end on June 21, found that the following types of information had been exposed and have potentially been compromised during the infiltration:

  • Names
  • Social Security information
  • Taxpayer identification details
  • Government Identification numbers
  • State Identification numbers
  • Driver’s license info
  • Birth dates
  • Financial/bank account details
  • Debit/credit card number information
  • Medical records/treatment details
  • Health insurance credentials
  • Passport details
  • Log in credentials including username/email address and passwords for financial electronic platforms

 

So far, according to representatives of Waste-Management Resources, it has not been possible to determine which files were actually stolen as part of the cyber attack.  

On August 11, 2021 official notification letters were sent from Waste Management resources to impacted clients. A Waste-Management Resources official spokesperson said: “While the investigation remains ongoing, we are taking steps now to implement additional safeguards and review policies and procedures relating to data privacy and security.”

Any people who feel they may have been impacted in the attack have been informed to closely review all of their financial accounts for any indication that improper use of their personal data may have taken place. This information, when stolen, is often used to obtain a free credit report from one of the three major credit monitoring bureaus.

It would be wise to activate a free fraud alert or a credit freeze on their files to prevent any fraudulent activity using their details. So far the group has not offered to provide credit monitoring and identity theft protection services to their clients that may have been impacted. This is despite the extensive and highly sensitive nature of data potentially compromised in the cyberattack.