Breach at Dominion National Likely Began in 2010
“Safeguarding the privacy of your personal information is a top priority for us, and we make every effort to protect your information. Despite these efforts, Dominion National experienced a data security incident,” Dominion National president Mike Davis wrote in a company message.
The unauthorized access might have started as long ago as August 2010, according to the notice. “On April 24, 2019, through Dominion National's investigation of an internal alert and with the assistance of a leading cyber security firm, Dominion National determined that an unauthorized party may have accessed some of its computer servers. The unauthorized access may have occurred as early as August 25, 2010. Dominion National moved quickly to clean the affected servers.”
The company reports that it currently has no evidence that data was actually misused or wrongfully accessed. “However, we began mailing notification letters to potentially affected individuals on June 21, 2019, and we have established a dedicated incident response line to answer any questions.”
The data that was potentially accessed could include the enrollment and demographic information for current and former members. In addition to members of both Dominion National and Avalon Insurance, others who are affiliated with the organizations could have also had their data compromised.
“The servers may have also contained personal information pertaining to plan producers and participating healthcare providers. The information varied by individual, but may include names in combination with addresses, email addresses, dates of birth, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, and subscriber numbers,” according to the announcement.
Source: Information Security Magazine