Overseas Service Corporation notification of a breach
Another report we may not see on HHS’s public breach tool but that involves health information. This reads like it is a notification to employees based on the types of data involved, but it doesn’t actually say who the breach impacted.
Overseas Service Corporation (“OSC”) announced today a phishing email incident that involved a small number of email accounts in its computer environment.
The phishing email incident resulted in unauthorized access to information contained in some email accounts, including names accompanied by Social Security numbers, financial/checking account numbers, payment card numbers, driver’s license numbers, and limited medical/health information.
Although OSC cannot confirm that any individual’s information was in fact viewed by an unauthorized person, and has no indication that anyone’s information has been misused, OSC is releasing this notice to inform individuals of this incident and provide some recommendations on ways to protect personal information.
On March 10, 2021, OSC began mailing letters to individuals whose information was involved in the incident and for whom OSC has address information. OSC is also providing this notice to individuals whose information may have been involved but for whom OSC does not have an address. OSC also established a dedicated call center for individuals to call with questions about the incident. If you have any questions, please call 1-855-498-2033, Monday through Friday from 8:00 A.M. through 5:30 P.M. Central Time.
Individuals who are nonetheless concerned that their personal information may have been accessed during the incident should visit OSC’s website, found here: https://www.oscweb.com/images/pdf/osc-data-ssues.pdf. OSC’s website also contains information regarding steps that individuals can take to help protect their personal information.
To help prevent something like this from happening in the future, OSC is instituting additional security measures.
Read their full press release on PRNewswire.