Dartmouth-Hitchcock has notified some employees that their names and direct deposit bank account information were compromised after some employees fell for a phishing attempt.
In a letter dated January 20, D-H informed the New Hampshire Attorney General’s Office that the unauthorized access to the Employee Self Service Direct Deposit Payment System occurred between October 6 and December 2, 1013. The breach was discovered on December 2, and D-H contacted affected employees by phone on or about December 3 to alert them and to have them change their passwords. In a letter to those affected date January 20, D-H also informed those affected that Social Security numbers would have been accessible, too, although D-H’s forensic investigators found no evidence that they had been accessed.
D-H offered affected employees free credit monitoring services, and encouraged them to place fraud alerts on their credit reports and to contact their banks to inquire whether to cancel their bank account number.
Overall, it’s an unfortunate situation, but D-H actually wrote a very good notification letter to those affected. You can read it here (pdf).