EXOS (formerly known as Athletes’ Performance) recently notified HHS of a laptop theft affecting 854 clients. The incident was reported to HHS on July 28, but was only added to the public breach tool today.
In a letter dated August 1, which EXOS was kind enough to provide to DataBreaches.net, Garrett Felix, Information Security Officer for EXOS, writes, in part:
Recently, we learned that the laptop of an EXOS employee was stolen from our facility. We have reported the theft to law enforcement, but it is unclear whether the laptop will be recovered. While, typically, laptops are not stolen to access the data on the laptop, we would like you to know that your personal information, including name, contact information, payment data, health information and/or insurance information, may have been on the stolen laptop.
In follow-up correspondence to DataBreaches.net, an EXOS spokesperson said that it was her understanding that the theft occurred on June 2.
EXOS provided individuals with advice on how to protect themselves, and arranged for credit monitoring services for twelve (12) months, and is taking steps to reduce the possibility of a similar situation in the future:
We want you to know that the privacy and security of your personal information is very important to us. We have policies and procedures in place which are designed to maintain the confidentiality of the personal information of our employees. We have taken steps, including an internal audit of our data security controls, and are taking additional steps to limit the possibility of similar incidents occurring again.