Data may not have been misused, impacted individuals advised to change passwords

Jul 18, 2014 08:06 GMT  ·  By

Personal information of Dominion Resources’ employees wellness plan has been accessed without authorization by an unknown intruder through the systems of a subcontractor.

The data, which includes names, addresses, email addresses, phone numbers, gender and dates of birth, has been reached through the computer systems of Onsite Health Diagnostics.

The breach took place on March 25 but it was not detected immediately, and Onsite Health Diagnostics alerted StayWell Health Management, the vendor of employee wellness programs, on June 16.

A week later, on June 24, Dominion Resources was notified that the details of 1,700 of their employees had been accessed during the intrusion.

At that moment, the identities of the individuals impacted by the attack were not known, and they were revealed only on July 7, according to Times Dispatch.

It appears that the information accessed by the intruder belonged to individuals that had made health-screening appointments as far back as 2012.

They were alerted to change their passwords and were offered one year of free credit monitoring in order to protect their accounts from fraudulent activities.

The detection of the intrusion and alerting Dominion Resources both took very long, and the affected company is currently checking why the notification action was delayed so much. A representative also said that Onsite Health Diagnostics was no longer used by them for making health-screening appointments.

Dominion Resources is a power and energy company headquartered in Richmond, Virginia. There is no evidence that the details accessed by the intruder have been misused.