Customers' Social Security numbers, COVID-19 vaccine cards, other personal data were accessed
Sequoia Benefits and Insurance Services has announced that it was recently hacked, and that customers of its Sequoia One business may have their sensitive information jeopardized.
The San Mateo, CA-based HR technology firm says hackers accessed an array of customer data, including Social Security numbers and COVID-19 vaccine cards.
In disclosures sent to customers earlier this month, Sequoia said the data breach occurred between September 22 and October 6. As a result, the company is offering victims three years of free Experian identity protection services.
“An unauthorized party may have accessed a cloud storage system that contained personal information,” the company wrote. “As soon as the Company became aware of the situation, a response plan was initiated and a number of immediate actions were completed, including working with outside counsel to initiate a forensic review by Dell Secureworks, a leading global security firm.”
Sequoia says the cloud storage system contained customers’ names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, member IDs as well as any other ID cards, COVID-19 test results and vaccine cards that individuals uploaded to the employment system.
Kristin Schaeffer, vice president of public relations at the communications firm AMF Media Group, declined to comment on how many people had their data exposed and are being offered free identity protection services. “At this time our focus and communication is only with our clients,” Schaeffer told WIRED.
The review found no placement of malicious tools or other software such as ransomware; no evidence of any threat to client or company networks; no evidence that the unauthorized party changed any client data; and no evidence of data being used or distributed has been found to date, according to the disclosures.
Earlier this year, California topped the list of states experiencing data breaches over a five-year span. More than 2.3 million data breaches occurred throughout the United States, Guam, U.S. Virgin Islands and the Northern Mariana Islands between 2017 and 2021, generating a total financial loss of $20.1 billion, according to the Forbes Advisor. A total of 325,291 victims were in California during that period, and they lost more than $3.7 billion to these crimes. Florida (198,830 victims), Texas (179,217 victims) and New York (141,170) came in at second, third and fourth, respectively.
Thousands of Californians fell victim and lost huge sums through the following:
- 14,925 victims of compromised email accounts lost more than $1.18 billion
- 12,205 victims of online romance schemes lost $516.2 million.
- 5,270 victims of investment scams lost nearly $440 million.
- 11,365 victims of real estate fraud lost $176.4 million.
- 31,742 victims of personal data theft lost $163.4 million.
California companies that have had data stolen this year and last year include Blue Shield of Southern California; Kaiser Foundation Health Plan, Southern California; Lending Tree; Ernest Packaging Solutions; and Professional Finance Co, according to a SiliconValley.com report, citing Forbes Advisor.