Here’s another breach that has not been in the headlines (or at least, not yet).
On November 8, 2020, Nexelis Group discovered that their system had been encrypted by malware. According to the notification letter sent to patients in April, the information was contained on the server of a company that Nexelis recently acquired, Pacific Biomarkers. Investigation revealed that the information was accessed without authorization from September 26, 2020 to November 9, 2020.
Prior to Nexelis’ acquisition, Pacific Biomarkers was a laboratory services provider supporting clinical studies in the pharmaceutical industry. The information involved appeared to relate to individuals who participated in clinical trials in the mid-1990’s.
The types of information included Social Security numbers, date of birth, driver’s license, health insurance and medical information, digital signature, payment card information, passport number and email address and password for non-financial electronic accounts.
Those notified were offered 12 months of credit monitoring. While the total number being notified was not included in the notification to individuals, a cover letter to the state indicated that 957 Washington residents had been notified.