Through its attorneys, Occidental Petroleum Corporation notified the Vermont Attorney General’s office of a breach that was discovered on December 11th. A former employee in Tulsa “accessed and mishandled” personal information by emailing a spreadsheet containing information on former employees to a personal email account. The former employees’ data included names, addresses, birthdates, employee identification numbers, starting dates, retirement dates, and Social Security numbers. The total number of former employees affected was not indicated in the report; one was from Vermont.
Occidental notified the Secret Service and U.S. Attorney on December 12, and on December 15, Occidental filed suit against the former employee, seeking the return of the data. At a hearing on December 23, the employee testified that the data had been obtained accidentally and had not been used or disclosed. The court ordered the employee to turn over their computer and access to his email account to Occidental so that their forensic team could confirm that the information had been removed.
As of the January 6th notification to the AG’s office, the firm had no indication that the data had been used or disclosed.