[BreachExchange] Navistar confirms data breach involved employee healthcare information
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Thu Sep 30 09:01:08 EDT 2021
https://portswigger.net/daily-swig/navistar-confirms-data-breach-involved-employee-healthcare-information
An investigation at US truck maker Navistar has revealed that a data breach
on its systems exposed employee healthcare information.
Navistar hired external cybersecurity experts and began an investigation
after learning of a security incident on May 20. By the end of May, the
firm had confirmed that an “unauthorized third party had accessed and taken
certain data from Navistar’s IT systems”.
On June 7, Navistar filed 8-K papers with the US Security and Exchange
Commission, warning investors about the incident. The notification
generated press coverage about the incident from Reuters and other outlets,
as investigators continued to access the scope and impact of the incident.
By August 20, Navistar’s team had confirmed that attackers had “accessed
and taken” the personal information of participants to its healthcare and
life insurance plans.
The potentially compromised data included the full names, addresses, dates
of birth, and Social Security numbers of an unspecified number of Navistar
employees past and present, according to an updated statement by Navistar
on the breach.
Navistar began notifying affected individuals, who are each being offered
two years of free credit monitoring and identity theft protection, in late
September. Those affected are advised to be on the lookout for incidents of
fraud and identity theft.
Compromised personal data is commonly used and traded by cybercriminals
because it offers a means to run more convincing phishing scams that would
seek still more information, or to apply for fraudulent lines of credit
under false names.
Navistar employs 13,00 people worldwide. The Daily Swig has asked the firm
how many people have been warned that their data had been exposed.
We also asked for comment on whether or not the breach had been notified to
law enforcement and, if so, what progress had been made on that front.
No word back as yet but we'll update this story as and when more
information comes to hand
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210930/03ab7ef7/attachment.html>
More information about the BreachExchange
mailing list