Pennsylvania-headquartered ReportaClaim.net describes itself as gateway for stand alone companies, professional employer organizations (PEOs), staffing companies, and their clients to submit worker injury reports.
In order to do that, they necessarily collect a lot of personal and medically-related information such as the employee’s full name, the employer, the employee’s job position, the date of injury, a description of how it occurred, the injuries claimed as a result of the accident or work conditions, what happened after the accident or incident, and other personal information related to the employee.
Naturally, keeping such data secure is a priority.
Reportaclaim.net is versed with the nuances of the staffing industry and the subtleties of dealing with (sometimes) multiple tiers of staffing clients. We protect your clients’ identities and handle them discreetly.
Whatever steps or protections they had in place to protect clients’ identities and handle them discreetly were apparently insufficient. Earlier this week, I saw a database listed on a forum that was described as a medical records system with full database. When I inspected it, I found it was their data. It included employee and employer names, date of accident, description of injury, and additional details.
The individual posting the data for token sale was subsequently banned and the listing removed, but since then, I have also seen the same listing appear on another forum, for free.
ReportaClaim is aware of the situation and according to a brief response to this site’s inquiry, they are working with the FBI investigating the situation. DataBreaches.net does not know if this incident is the result of a leak or a hack, but the listings seen for it refer to it as a leak.
ReportaClaim’s spokesperson did not say whether they would be notifying individuals, but based on the types of information I saw in the database, I would think that they would have to, and we may see a press release at some point down the road.