PurFoods, an American meal delivery service which provides both to individual customers as well as working with more than 500 health plans, managed care organizations, governments and agencies to provide medically-tailored meals to those covered by Medicare and Medicaid, has recently suffered a data breach that exposed the data of more than 1.2 million customers.
According to a data breach notice filed with the Maine Attorney General, PurFood’s systems were breached on January 16 of this year, although the breach was not discovered until July 10. The data breach notice also revealed that the breach was caused by a malicious actor hacking into the company’s system. The cyber attack and subsequent data theft was discovered when PurFoods found that certain files in its network had been encrypted.
The data stolen in the breach includes the names or other personal identifiers, e.g. the Social Security or health insurance member identification numbers of 1,237,681 PurFood customers, as well as their “financial account number or credit/debit card number (in combination with security code, access code, password or PIN for the account)”. It is also suspected that the malicious actor may have gained access to individual’s medical information. Those affected were informed of the data breach on August 25.
The company has reassured customers that it has “seen no evidence that any personal information was misused or further disclosed as a result of the cyber attack” yet.
PurFoods has offered those affected credit monitoring services for one year to those potentially affected by the data breach. In a letter to those affected, the company said it was “sorry for any inconvenience this incident may cause”.
The company has alerted law enforcement to the breach and has said it is “working to implement additional safeguards and training to its employees” to prevent any future cyber security incidents.