HR Service Benefit Administrative Systems Reports Data Breach
Table of Contents
- By Steven
- Published: Feb 02, 2023
- Last Updated: Feb 03, 2023
Human resources; a necessary part of nearly any type of work. Perhaps some random hacker felt scorned after a visit to the HR department, which resulted in them losing their job. As a result, they concocted a plan to hack their (ex)company’s HR provider and access a good amount of customer information, thus bringing their company down in the process (or at least its reviews). As unlikely as this form of revenge is, it does make light of a dangerous situation.
How Did the Attack Occur?
Benefit Administrative Systems explained the breach was an unauthorized exposure of PII, or personally identifying information, as well as MII, or medically identifying information. The notice sent to victims and the California Attorney General’s Office read, “Our network monitoring systems recently alerted us to access by unauthorized individuals… We also commenced a thorough forensic investigation utilizing outside cybersecurity experts to analyze the nature and scope of this incident. On November 1, 2022, we confirmed an exfiltration of PII by unauthorized individuals. You are receiving this notice because BAS determined that your PII was exposed in an exfiltrated file.”
What Information Was Viewed or Stolen?
The hacker accessed full names, email addresses, health insurance group numbers of certain members, and health insurance member numbers. “No social security numbers, passwords, dates of birth, addresses, phone numbers, financial account information, or medical/claim information were contained in this file,” BAS promised. There is not too much that the hacker or hackers can do with this information, but there are some dangerous possibilities.
How Did Benefit Administrative Systems Admit to the Breach?
BAS admitted to the breach by sending notices to the victims. A copy of this notice was submitted to the California Attorney General’s Office, as we previously mentioned. BAS stated in this notice that it had no reason to believe that any victims’ personal information had been misused. However, it needed to notify customers “out of an abundance of caution.”
What Will Become of the Stolen Information?
The stolen information will likely be of little use to an unskilled hacker, but if they’re experienced or crafty, they could steal the victims’ insurance resulting in medical identity theft, or launch phishing attacks on their emails. Insurance fraud is incredibly common and is not just limited to the stereotypical stories about desperate people evading the insurance company because they can’t pay for their procedure, surgery, or rehab. While that is normal, there are also a lot of times that hackers use stolen insurance information to steal insurance coverage or prescriptions.
What Should Affected Parties Do in the Aftermath of the Breach?
After the breach, whether you feel safe or not, there are never too many ways to protect yourself. Identity, credit, device, and dark web monitoring are all incredibly smart ideas and will all be tailored to meet your specific needs. Filing a police report would also be smart, as well as monitoring your email on your own to keep from falling for phishing scams.
