Bodybuilding.com announced Friday that some of their employment-related information may have been accessed in a data security incident.
The possible information accessed could have been group health plan subscriber information, such as protected health information of certain employees and former employees.
“While the Company has no evidence that personal information was accessed or misused, Bodybuilding.com is notifying current and former employees who are group health plan enrollees and relevant dependents and beneficiaries, out of an abundance of caution,” Bodybuilding.com stated in a press release.
Read more on CBS2.
BodyBuilding.com also posted a notice and FAQ on their site that appears oriented to their customers and site users, but not employees or former employees. That FAQ explains that the incident began with a phishing email received in July 2018. The incident was discovered in February 2019, and the firm retained outside help to investigate. They were unable to conclusively determine whether information was actually accessed. They do not report how many individual customers, users, and/or employees are being notified. But if there are more than 500 employees or former employees, we may see this on HHS’s breach tool at some point.