James R. Glidewell, Dental Ceramics, Inc. and its subsidiaries (“Glidewell”) are notifying employees of a security incident.
According to a notification letter submitted to the California Attorney General’s Office, Glidewell learned that “an unauthorized individual may have taken certain documents and data maintained and/or owned by Glidewell, without Glidewell’s authorization.” The data theft occurred on February 28, and Glidewell discovered it on July 31, although those dates are not included in its notification to employees and only appear in the metadata submitted to California.
The letter does not indicate how Glidewell learned of the breach, but they note:
Based upon a forensic investigation conducted by outside data- security experts retained by Glidewell to assist in this matter, we believe that certain employee-personnel data may have been taken along with other Glidewell proprietary information, including your name, address, social security number, and financial account information relating to your direct deposit account.
The letter, signed by Gary Pritchard, Labor Counsel, indicates that Glidewell currently has no indication that there has been any misuse of the information, but asks employees to report any suspicious or fraudulent activity to Glidewell senior management in addition to others they may notify.
In response to the incident, Glidewell engaged outside forensic experts to assist them in developing an understanding of what took place and how. They also reported the incident to law enforcement and indicated that they will cooperate with appropriate authorities if and as a criminal investigation is undertaken.
Although the letter does not state that they suspect a former employee, statements in the letter hint at that possibility:
In the meantime, we are continuing to explore all available means of legal recourse and plan to pursue civil and/or injunctive relief, as may be appropriate. In light of this incident, we are reviewing our internal policies and protocols and are in the process of designing and implementing enhanced security measures to help prevent this type of incident from recurring in the future.
The firm is also offering its employees one year of complimentary fraud resolution and identity protection services with ProtectMyID.