Mom’s Meals says data breach affects 1.2 million customers


Share post:

Mom’s Meals, a meal delivery service for people with chronic health conditions, has confirmed a data breach affecting more than 1.2 million individuals.

In a data breach notice filed this week with Maine’s attorney general, Mom’s Meals parent company PurFoods confirmed that the meal delivery service experienced a cyberattack between January 16 and February 22. The company said that the incident resulted in the “encryption of certain files” and that tools commonly used to steal data were found on its network, suggesting ransomware may have been the culprit.

“We can’t rule out the possibility that data was taken from one of our file servers,” the company said.

PurFoods hired an unnamed third-party incident response firm to investigate the breach and said that the review concluded on July 10. This determined that the “files at issue included personal and protected health information related to certain individuals.”

Affected individuals include those who have received Mom’s Meals packages, including Medicare, Medicaid, and self-paying members without an eligible health plan or who don’t qualify for government assistance.

The data breach also impacted the company’s current and former employees, and independent contractors.

The information included customer names, Social Security numbers, driver’s license and state identification numbers, financial account and payment card information, medical record numbers, health information, treatment information, diagnosis codes, meal categories and costs, health insurance information, and patient ID numbers.

PurFoods said it began notifying affected individuals on August 25 — seven months after it was first compromised and more than a month after it concluded its investigation into the breach. It’s not clear why the company waited so long to tell affected customers, and PurFoods did not respond to TechCrunch’s questions.

PurFoods published a separate data breach notice on its website, which at the time of publication includes “noindex” code telling search engines to ignore the webpage, effectively preventing affected individuals from finding the breach notice in search results.

PurFoods said it was providing access to credit monitoring services for 12 months via financial and security consultancy giant Kroll to individuals whose personal information was compromised by the breach.

Kroll, however, said last week that it too was the victim of a cyberattack involving the theft of personal data belonging to failed crypto companies, including BlockFi, FTX, and Genesis, which rely on Kroll for their bankruptcy proceedings. As reported by KrebsOnSecurity, Kroll said an employee’s phone number was hijacked in a SIM swapping attack that was used to gain access to Kroll’s network.

Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

How to raise a Series A in today’s market

If you’re an early-stage founder, the crazy days of 2021 are a distant memory. Money is tight,...

Why we’re seeing so many seed-stage deals in fintech

Welcome back to The Interchange, where we take a look at the hottest fintech news of the previous...

SBF’s trial starts soon, but how did he — and FTX — get here?

The highly anticipated criminal trial for Sam Bankman-Fried, former CEO of bankrupt crypto exchange FTX, begins Tuesday...

A tale of two research institutes

If you’re lucky, once a year you get to put together a panel built on pure kismet....

Tinder goes ultra-premium, Amazon invests in Anthropic and Apple explains its new AirPods

It’s that time of the week again, folks — time for Week in Review (WiR), TechCrunch’s newsletter...

How much can artists make from generative AI? Vendors won’t say

As tech companies begin to monetize generative AI, the creators on whose work it is trained are...

Venture capital is opening the gates for defense tech

Welcome to the TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s inspired by the daily TechCrunch+ column where...

Humane’s ‘AI Pin’ debuts on the Paris runway

You’d better believe that Humane is going to milk the media hype cycle for all it’s worth....