DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Five months after they were notified of a data breach, Prime Communication notifies 8,000 employees

Posted on May 23, 2020 by Dissent

Last month, I pointed readers to a news report out of Moore, Oklahoma about how Tonya Smith, a former employee of Prime Communications, had reportedly been sent an email with personal information on 8,000 of their employees.  The mistake occurred on December 11, 2019 after Smith had been terminated by Prime for performance issues. In response to her request for info on her 401k and employee profile, they reportedly accidentally sent her 105 pages of employee records that included SSNs, names, and dates of birth for thousands of their employees in a number of states.

That error is disturbing, of course. But what is more disturbing, perhaps, is that Smith claims that she notified them a number of times by both email and phone and they never responded.

“I emailed four or five times and I phoned three or four times,” Smith said.

After the media picked up the story on April 27 because Smith went to them with her concerns, Prime responded.

On May 15, Prime Communications, an authorized retailer for AT&T, sent a notification letter to those whose information was in the file sent to Smith.  The letter, signed by Gabrielle Moses of Prime and sent to DataBreaches.net by a reader and former employee of AT&T, is reproduced below. It offers those impacted one year of identity monitoring through Kroll.

The letter predictably states that they have no evidence of any further distribution or any misuse of the data.  It does not state whether the former employee had securely deleted their email with the file from her phone. It does not state whether anyone else had access to the phone. It does not state whether the former employee has securely destroyed any print-out. It does not state whether News4 in Oklahoma has retained a copy of the data obtained from Smith.

And it makes no mention of the fact that after their mistake on December 11, 2019, the former employee allegedly tried to notify them numerous times and they didn’t respond.

All their letter states is that “upon learning of the incident, we immediately began investigating” yada yada yada. No, Prime, you learned of the incident when your former employee emailed and called you beginning in December. Don’t make it sound like you had no notice before April 27 if you did but just failed to follow up on it.

In any event, in the wake of the incident, they are reviewing their policies and procedures and providing enhanced employee training. Hopefully that includes improving their incident response as to what to do when someone notifies them of a data security incident.

A fuller copy of the notification was submitted to the California Attorney General’s Office and can be found at https://oag.ca.gov/system/files/Prime%20Communications.pdf

Related:

  • Two more entities have folded after ransomware attacks
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K
  • Government will 'robustly defend' compensation claims from Afghans put at risk by data breach
  • Missouri Adopts New Data Breach Notice Law
  • Qantas obtains injunction to prevent hacked data’s release
Category: Business SectorExposureU.S.

Post navigation

← TN: The Little Clinic notifies more than 10,000 patients after discovering glitch in online appointment system
Online education site EduCBA discloses data breach after hack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • PowerSchool commits to strengthened breach measures following engagement with the Privacy Commissioner of Canada
  • Hungarian police arrest suspect in cyberattacks on independent media
  • Two more entities have folded after ransomware attacks
  • British institutions to be banned from paying ransoms to Russian hackers
  • Data breach feared after cyberattack on AMEOS hospitals in Germany
  • Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
  • Global hack on Microsoft product hits U.S., state agencies, researchers say
  • Inquiry launched after identities of SAS soldiers leaked in fresh data breach
  • UK sanctions Russian cyber spies accused of facilitating murders
  • Michigan ‘ATM jackpotting’: Florida men allegedly forced machines to dispense $107K

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • British government reportedlu set to back down on secret iCloud backdoor after US pressure
  • Idaho agrees not to prosecute doctors for out-of-state abortion referrals
  • As companies race to add AI, terms of service changes are going to freak a lot of people out. Think twice before granting consent!
  • Uganda orders Google to register as a data-controller within 30 days after landmark privacy ruling
  • Meta investors, Zuckerberg reach settlement to end $8 billion trial over Facebook privacy violations
  • ICE is gaining access to trove of Medicaid records, adding new peril for immigrants
  • Microsoft can’t protect French data from US government access

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.