US entertainment company, Golden Entertainment, has issued notice to customers, employees, and vendors of an incident involving unauthorized access to some employees’ email accounts.
Upon discovery of the intrusion, Golden Entertainment conducted an investigation into an email phishing incident, and determined that an unauthorized individual obtained access to some employees’ email accounts.
Golden Entertainment says it immediately took steps to secure the email accounts, launched a further investigation, and took on the services of a cybersecurity firm to assist. The investigation indicated that an unauthorized individual obtained access to the email accounts at various times between May 30, 2019 and October 6, 2019.
However, officials were unable to determine which emails or attachments, if any, were accessed by the unauthorized person. The company says it then conducted a comprehensive review of the emails and attachments in the employees’ email accounts and, on October 8, 2019 and January 3, 2020, to determine that an email or an attachment to an email in the email accounts contained personal information of some customers, employees, and vendors.
The potentially compromised data included names, social security numbers, passport numbers, government ID numbers, driver’s license numbers, dates of birth, usernames, passwords, payment card numbers, expiration dates, card security codes (CVV), financial account numbers, routing numbers, health insurance information, and health or treatment information.
Golden Entertainment says it has no evidence that any information has been misused. On November 7, 2019, the firm began mailing letters to individuals whose information was involved and continued to mail letters through January 31, 2020, as additional addresses and additional email accounts were found to have been involved.
The company has underlined how customers should stay alert to the possibility of incidents of fraud or identity theft by reviewing account statements and free credit reports for any unauthorized activity.
As a precaution, Golden Entertainment says it is also offering individuals whose social security number or driver’s license number was involved complementary credit monitoring and identity protection services.
Golden Entertainment has expressed regret that the incident occurred and has apologised for inconvenience caused. To help prevent this type of incident from happening in the future, the firm says it is implementing additional safeguards and technical measures as well as providing additional phishing-awareness training to employees.
The post #Privacy: US entertainment company announces data breach appeared first on PrivSec Report.