HHS Reports that 119,513 People Affected by Attack: Conti Group Announces Data Fully Disclosed on Dark Web
On May 12, 2022, Parker-Hannifin (“Parker”) reported a data breach to the California Attorney General’s Office affecting current and former employees, their dependents, and others. Letters informing employees about this breach are just arriving in the mail. Parker Hannifin has operations throughout California and the United States.
While not included in Parker-Hannifin’s public statements about this incident, the Conti ransomware group appears to have taken credit for the theft of this sensitive personal information. Initially, the group’s data leak page stated that it had published 5 GB of the stolen files on the dark web, which purportedly was only 3% of the data taken. Typically, this sort of publication is intended to prove the personal data has been successfully stolen.
However, that page now states that 100% of the stolen data has been published.
(screenshot of the Conti data leak page for Parker as of May 18, 2022)
The personal information that may have been accessed and taken as part of this attack includes: full names, addresses, bank account and routing numbers, SSNs, driver’s license numbers, dates of birth, passport numbers, and online username and passwords.
Current or former enrollees of Parker’s Group Health Plan (or a health plan sponsored by an entity acquired by Parker), may also have experienced unauthorized access and theft of: health plan enrollment information, health insurance plan ID numbers, and dates of coverage. According to Parker-Hannifin, for a smaller subset of individuals, the following sensitive information may also have been accessed and acquired: dates of medical coverage, claims information, dates of medical services, medical and clinical treatment information, and provider names.
For more information about this data breach please see this article in LegalScoops written by April M. Strauss, senior attorney and Certified Information Privacy Professional.