DataBreaches.Net

Breach Leaves Thousands Of Kaiser Permanente Employees Checking Their Credit Report (update)

Posted on March 22, 2012 by Dissent

KXL FM reports that Kaiser Permanente has sent notifications to some current and former employees after their data were found on an external hard drive purchased in a second-hand store in September 2011:

Maryann Schwab with Kaiser Permanente says names, phone numbers, social security numbers and other personal information was found on a non-Kaiser external hard drive in September of 2011.  The person that bought the hard drive called Kaiser and is gave (sic) the hard dive up to police.  “The information on the hard drive was downloaded to it in 2009” said Schwab, “since then KP has taken steps to bolster the fire wall for sensitive data.”

A delay in notifying of over five months? That seems unusually long by today’s standards. I expect/hope we’ll see some explanation or statement from KP to explain the delay. Because this is not patient information, California’s 5-day notification law does not apply. Nor does HITECH’s 60-day timeframe. Will the state do something to fine KP for the delay? If this were Connecticut, I’d bet yes, but I’m not placing any bets on what California will do in this situation.

Update: Please see comment below for text of KP’s notification letter.

Category: Breach Incidents, Health Data, Other, U.S.

11 thoughts on “Breach Leaves Thousands Of Kaiser Permanente Employees Checking Their Credit Report (update)”

  1. Breach Sept 2011 says:
    March 23, 2012 at 8:59 pm

    OK, so I'm a Kaiser employee and this was just found out? OK, well, if you look back in 2009, Kaiser had a breach then too in the CA area from a lady called Mia. It was on the news there in CA. She got info from a known source, I believe it was OFN union? This hard drive they received stems back from Feb. 2009; if you listened to the spokes lady from Kaiser, it was copied in 2009 to that hard drive. And if you look back to 2007, there was a class action on Kaiser which was filed in Oct 2009 because of a small fraud group of 20 people or so. And Kaiser says it was only a few mo. Try 3 to 5 years they have known about this, as far as I see it.
    Someone needs to investigate this. I believe they have been keeping this from us a long time.
    Why isn't someone doing something about this? What can we do as Kaiser employees besides take the small here you go for a year and you're safe, sorry about that?
    Something needs to be done.

    We need help to make sure this never happens again. And what do the thousands of us do, wait and watch our credit report?

    Is there any way to file a class action suit? Kaiser, I believe, has been keeping this from us, and it has been years this has been going on, and we just got told about this in a letter?

    Thanks, Kaiser, you're the best employer (not). Glad I'm retiring this year, as long as my retirement plan is still there.

  2. Breach my ass says:
    March 24, 2012 at 9:17 pm

    They waited to notify because they are more worried about covering their UNETHICAL ass! If you Google Kaiser Fraud and corruption you will get over 100,000 sites in less than a second. The company is an organized for profit crime, I know this because I am a former healthcare provider for Kaiser. They DO NOT care about employees or patients, only the profit. However, there are some good doctors at Kaiser, but they aren’t around long; they are either bullied out for being ethical or they quietly leave.

  3. Anonymous says:
    March 27, 2012 at 9:37 pm

    I also was a Kaiser employee that was flabbergasted that I just received a letter in the mail, explaining that ‘none of my health care information was involved’ like this would reassure me that it is okay to have my name, address, and social security number left on some hard drive which was located and identified back in September 2011. My letter was dated March 19, 2012 and neither the FBI nor Kaiser cared enough to inform me that my information was at risk and breached!!!! It is a small wonder that now Kaiser wants to make sure that no unusual activity shows up on my credit report; what happens to the past six months' worth of activity that I may or may not have been watching closely????? I am ticked to say the least!!!! And I am pursuing this disaster until they know my name and I get personal phone calls back on any updates or changes. I will, for one, keep them accountable for this mistake!

  4. Anonymous says:
    March 27, 2012 at 9:40 pm

    Oh and also my pay stub information was part of this breach…..
    And it was told to me that this information occurred prior to when 2009 controls were put in place, i.e. encryption and firewalls, so what happened to my information prior to end of 2009? I worked for them for many years????????

  5. Anonymous says:
    March 27, 2012 at 9:43 pm

    Yes a reported 30,000 employees…..lawsuits/lawyers get ready!

    1. admin says:
      March 27, 2012 at 9:56 pm

      What is your source for that 30,000 figure, please? And could you email me a copy of the notification letter you received so I can upload it? I can redact it if you need it redacted, or if you can redact it and email it to this site, that would be great.

  6. Anonymous says:
    March 27, 2012 at 11:59 pm

    My source is Kaiser Permanente.

    Letter contents:

    “We are writing to let you know of a breach of confidential employee information, including some information belonging to you. We take our employees’ privacy very seriously and we sincerely apologize that this happened.

    The data, which was found on a non-Kaiser Permanente external hard drive that was purchased second-hand, included your personally identifiable information, including your name, address, and Social Security number. In some cases, there may have been additional data from Kaiser Permanente pay stubs or Kaiser Permanente COBRA Error, Trust Fund Paid Hours, or Fidelity Savings Plan Deduction reports. None of your personal health information was involved. The most recent employee data found on the hard drive was from 2009 and we have no evidence at this point to indicate that this information has been or will be used for illegal purposes.

    The breach was brought to our attention in late September 2011 by the individual who purchased the hard drive, and we immediately took steps to get possession of the equipment and notified law enforcement. As soon as law enforcement concluded its own analysis of the hard drive, which took several weeks to complete, we began our own investigation. Our investigation of the breach is still underway. We have determined the internal source of the data found on the hard drive and are pursuing additional facts, and we are taking appropriate steps to make sure that it does not happen again.

    We understand your concerns about your information being compromised. To help protect you, we are providing you one year of professional credit monitoring at Kaiser Permanente’s expense.

    1. admin says:
      March 28, 2012 at 12:02 am

      Thank you so much for posting that. I don’t see any 30,000 figure in there, though. Where are you getting that number from?

  7. Anonymous says:
    March 28, 2012 at 12:15 am

    Kaiser Permanente HR Supervisor.

  8. Anonymous says:
    March 28, 2012 at 1:58 am

    I was told by the credit company (the number on the letter from Kaiser) contracted by Kaiser, that there were approx 30,000 employees' confidential information that was breached. I also contacted Kaiser Compliance Hotline and was given a number for Kaiser Security. Kaiser security rep also confirmed the 30,000 employees' info breach. Neither Kaiser security nor the credit agency were very forthcoming with much info regarding the details of the breach, stating “this is an ongoing investigation.” I was told the FBI, computer forensics and the police were investigating, however not stating which police agency was involved with this investigation. I am a victim of this breach and feel I have a right to know what the hell is going on. I am totally in on a class action lawsuit and I say we take it to them!!! We as employees have to jump through hoops to keep our members' info confidential (which I totally agree with) but Kaiser does not seem to have that same respect for their employees' confidential info.

    1. admin says:
      March 28, 2012 at 7:38 am

      Thanks for explaining where you got the information.
