Mother’s Meals, a meal supply service for folks with power well being situations, has confirmed a data breach affecting greater than 1.2 million people.
In a data breach discover filed this week with Maine’s lawyer common, Mother’s Meals mum or dad firm PurFoods confirmed that the meal supply service skilled a cyberattack between January 16 and February 22. The corporate mentioned that the incident resulted within the “encryption of sure information” and that instruments generally used to steal information have been discovered on its community, suggesting ransomware might have been the offender.
“We are able to’t rule out the chance that information was taken from considered one of our file servers,” the corporate mentioned.
PurFoods employed an unnamed third-party incident response agency to analyze the breach and mentioned that the overview concluded on July 10. This decided that the “information at concern included private and guarded well being data associated to sure people.”
Affected people embrace those that have obtained Mother’s Meals packages, together with Medicare, Medicaid and self-paying members with out an eligible well being plan or who don’t qualify for presidency help.
The data breach additionally impacted the corporate’s present and former staff, and impartial contractors.
The data included buyer names, Social Safety numbers, driver license and state identification numbers, monetary account and cost card data, medical document numbers, well being data, therapy data, analysis codes, meal classes and prices, medical insurance data and affected person ID numbers.
PurFoods mentioned it started notifying affected people on August 25 — seven months after it was first compromised and greater than a month after it concluded its investigation into the breach. It’s not clear why the corporate waited so lengthy to inform affected prospects, and PurFoods didn’t reply to information.killnetswitch’s questions.
PurFoods printed a separate data breach discover on its web site, which on the time of publication consists of “noindex” code telling engines like google to disregard the webpage, successfully stopping affected people from discovering the breach discover in search outcomes.
Kroll, nonetheless, mentioned final week that it too was the sufferer of a cyberattack involving the theft of private information belonging to failed crypto firms, together with BlockFi, FTX and Genesis, which depend on Kroll for his or her chapter proceedings. As reported by KrebsOnSecurity, Kroll mentioned an worker’s telephone quantity was hijacked in a SIM swapping assault that was used to achieve entry to Kroll’s community.
