Feb 142016
 

Magnolia Health Corporation in Tulare, California has begun sending out notification letters after someone impersonated their CEO and “using what appeared to be his email address,” obtained personal information for all active employees of the corporation and each of the facilities managed by MHC [Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc. and Merritt Manor, Inc.].

The notification to employees does not explain whether the criminal acquired control of the CEO’s email account or just faked an address that looked remarkably similar. DataBreaches.net has sent an inquiry to MHC asking about that.

The breach occurred on February 3, but was not detected until February 10.

The personal information disclosed was in the form of an Excel spreadsheet that contained the following identifying information for each person: Employee Number, Name, Address, City, State, Zip, Sex, Date of Birth, Social Security Number, Hire Date, Seniority Date, Salary/Hourly, Salary/Rate, Department, Job Title, Last Date Paid, and [name of applicable] Facility.

MHC reported the matter to law enforcement, but as of the time of the notification letter dated February 12, they did not know the identity of the individual(s) responsible for the breach.

 

Affected employees were offered one year of complimentary enrollment in Experian’s ProtectMyID service. Given the nature of this attack, it seems clear that the criminal(s) were intent on getting personal information for misuse, so I’m not sure a one-year enrollment will be satisfactory to employees, but we’ll see, I guess.
According to the metadata for MHC’s submission to the California Attorney General’s Office, 563 California residents were affected by the breach.

Sorry, the comment form is closed at this time.