Belden, the owners of Tripwire, provided an update to the November data incident that involved unauthorized access and copying of some current and former employee data, which the company now terms as a ‘sophisticated cyberattack.’
Further, “on or after February 9, 2021, we learned that information exposed in the incident also included health-related information,” according to a supplemental notification of the Belden data incident.
The health-related information that may have been compromised as part of the Belden data incident included individuals’ names, gender and benefits information, such as their UMI (member) number, group number, coverage category, primary source of coverage, the effective date of coverage, additional sources of coverages, the effective date of any additional coverage, their relationship to a Belden employee and other benefits information, Belden said.
“At this time we do not have reason to believe that any specific information related to any specific health conditions or diagnostic information was included in the incident,” it added.
The St. Louis, Missouri-based company had earlier stated that its investigation into the cyberattack is ongoing, though “we are confident that we have stopped further unauthorized access of personal data on our servers,” Belden said. The company in due course found out that the impacted servers also contained some personal information of some spouses, dependents and relatives of some current and former employees.
On the evening of Nov. 12, Belden IT professionals detected unusual activity involving certain company servers. “We immediately triggered our cybersecurity incident response plan, deployed teams of internal IT specialists and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and to move quickly to mitigate the impact,” according to Belden’s statement. Forensics experts determined that Belden was the target of a sophisticated external attack.
At that time, Belden confirmed that personal information accessed and stolen may have contained data such as names, birthdates, government-issued identification numbers like social security and national insurance, bank account information of North American employees on Belden’s payroll, home addresses, email addresses and other general employment-related information. Limited company information accessed and stolen related to some of the business partners including bank account data and, for U.S. partners, their taxpayer ID numbers, the company said.
Belden is currently dispatching notification letters to the most recent addresses available for those impacted by the incident. The letters contain a toll-free number affected individuals may call with any further questions and additional information about identity monitoring services that the company is making available to mitigate the potential impact of the Belden data incident.
“In addition to notifying law enforcement and regulatory authorities, we are continuously monitoring for any suspicious activity on our systems and have deployed additional resources to reinforce the security of our systems,” the company added.