It’s not clear from their notification how many employees were impacted and how the security incident occurred, but Pharm-Olam International started notifying employees by mail of a security incident that compromised their names, Social Security and income information:
At Pharm-Olam International (the “Company”) we value you and respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about a data security incident that involved the inadvertent disclosure of your personal information, including your name and Social Security number. We take the security of your personal information very seriously, and sincerely apologize for any inconvenience this incident may cause. This letter contains information about steps you can take to protect your information, and resources available to help you.
On February 23, 2016, due to a security incident, your 2015 W-2 form was disclosed to an unauthorized recipient. The W-2 form includes your name, address, Social Security number, and 2015 wage information. This incident is being internally investigated. We also immediately notified law enforcement and appropriate authorities/entities, and are cooperating with their concurrent investigation. The Company deeply regrets that this incident occurred. As an added safeguard and in order to facilitate credit monitoring and identity theft prevention service, we have arranged for IDT911 to provide you with identity protection services for 12 months at no cost to you. Information on enrollment in this program is listed under STEP 1 in the Instructions below.
Read their full notification letter of February 26 on the Vermont Attorney General’s web site.