According to a notification submitted to the Massachusetts Attorney General’s Office that was obtained by DataBreaches.net, SeaChange Intl. discovered back in July that a temporary administrative assistant had stolen an employee’s identity.
The temporary administrative assistant, who had access to all U.S. employees’ information because of the nature of her work, confessed and was terminated immediately. Although the employee had passed their background check, SeaChange later discovered that a national background check revealed a 2005 conviction for insurance fraud ($350,000). Both the Acton Police and the FBI were notified of the current incident.
SeaChange notified its employees of the breach by e-mail on July 21, but the e-mail merely indicated that there had been a breach without getting into any specifics. Employees were encouraged to contact any of the three credit-reporting agencies and place a fraud alert. In subsequent e-mail to the Attorney General’s Office, SeaChange indicated that if any employees reported any fraudulent activity, they would be offered free credit monitoring services.
SeaChange also indicated that they were notifying employees in 26 states, including 271 who live in Massachusetts. It is not clear from their report how they discovered the ID theft, whether they were able to definitively determine how many other employees had their personal information accessed by the former employee, and whether they had obtained the temporary worker from an agency, and if so, whether that agency had ever run a national criminal background check. SeaChange has not responded to a request for this information by DataBreaches.net as of the time of this posting.
A copy of their formal notification to Massachusetts and additional communication to the AG’s Office is available here.