Back in January, Sodinokibi (REvil) threat actors added Preferred Home Care of New York to their dark web leak site. At the time, the threat actors did what they usually do — they posted a few screencaps as proof of access. The screencaps showed directories of folders and images of identity cards of people working for the agency. The threat actors have not added any additional files or data dump since then.
On January 26, DataBreaches.net emailed the home care agency to ask them about the claimed attack and its impact. They never answered.
But on March 10, external counsel for agency submitted a copy of a notification letter being sent out about the breach. The letter states that the breach occurred on January 8 and was discovered on January 9.
The type of information accessed varied depending on the individual, but may have included your name, contact and demographic information such as address, email, phone number, and date of birth; financial information such as bank account number; and Social Security number; and medical information related to health assessments, physicals, drug screens, vaccinations and TB tests, as well as FMLA and worker’s compensation claims.
The letter was sent on March 10 to 92,283 individuals. In it, Allen Hymowitz, Administrator, wrote:
Currently, we are not aware of any fraudulent activity or misuse of anyone’s information as a result of the incident. Furthermore, we do not believe that the use of personal information was the primary motive behind the third party’s actions.
So what do they believe the primary motive was? Simply to have the data to exert pressure on the agency? Despite that statement, Preferred did offer those being notified a complimentary one-year membership of Experian IdentityWorksSM Credit 3B.
DataBreaches.net sent a second inquiry to Preferred Home Care this morning but again, received no reply. This post may be updated if a reply is received.