Data breach at US waste management firm exposes employees’ healthcare details

Jessica Haworth 12 August 2021 at 11:10 UTC

Waste Management Resources said attacker gained network access in January

A data breach at US waste management firm Waste Management Resources has exposed the healthcare information of current and former employees, as well as their dependents.

The company says that on January 21, it discovered signs of suspicious activity.

“We immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity and contacted the FBI,” Waste Management Resources says in a statement.

“Our investigation determined that an unauthorized actor entered our environment between January 21 and 23, 2021, accessed certain files, and took a limited number of files.”

Read more of the latest data breach news

The unknown hacker was able to access the healthcare information of certain staff who submitted claims to its self-insured health plan.

The files that may have been accessed included names, Social Security numbers, taxpayer identification numbers, government and state ID numbers, driver’s license numbers, dates of birth, bank account numbers, debit and credit card numbers.

Also exposed were the staff members’ and dependents’ medical history and treatment information, health insurance information, passport numbers and usernames, email addresses, and passwords for financial electronic accounts.

Credit check

While the company discovered this on June 21, its alert was not issued until this week.

Waste Management Resources is recommending that those affected check their credit report and ask for either a fraud alert or a credit freeze to be placed on it.

The breach has raised eyebrows for the sheer quantity and sensitivity of the data involved.

As software consultant Allen Holub points out on Twitter: “Why does the HR system need passport numbers or the password to your bank account? I can’t imagine a scenario where that sort of information should be stored in an HR system.”

And, says security pro Troy Hunt: “Time to just start life again when that much personal data is leaked.”

The Daily Swig has contacted Waste Management Resources and will update this story with any more information.

YOU MIGHT ALSO LIKE International cybercrime gang charged with Covid-19 business email compromise fraud