Magnolia Health Corporation in Tulare, California has begun sending out notification letters after someone impersonated their CEO and “using what appeared to be his email address,” obtained personal information for all active employees of the corporation and each of the facilities managed by MHC [Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation And Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc. and Merritt Manor, Inc.].
The notification to employees does not explain whether the criminal acquired control of the CEO’s email account or just faked an address that looked remarkably similar. DataBreaches.net has sent an inquiry to MHC asking about that.
The breach occurred on February 3, but was not detected until February 10.
The personal information disclosed was in the form of an Excel spreadsheet that contained the following identifying information for each person: Employee Number, Name, Address, City, State, Zip, Sex, Date of Birth, Social Security Number, Hire Date, Seniority Date, Salary/Hourly, Salary/Rate, Department, Job Title, Last Date Paid, and [name of applicable] Facility.
MHC reported the matter to law enforcement, but as of the time of the notification letter dated February 12, they did not know the identity of the individual(s) responsible for the breach.