US wellness plan affected by substantial breach

August 01, 2014

A substantial number of people were recently affected by a data breach at Virginia-based power and energy company Dominion Resources, in which an attacker gained access through the systems of a subcontractor.

Around 1,700 individuals are now being notified of the attack, which was carried out on March 25. Following the attack, Onsite Health Diagnostics discovered the breach in June and brought it to the attention of StayWell Health Management, the wellness vendor for employees. StayWell was then able to notify Dominion Resources on June 24.

A substantial amount of information was leaked, including personal details such as names, addresses, genders and dates of birth. In addition, encrypted passwords for a system run by Onsite Health Diagnostics were breached.

While names and addresses are commonly leaked sets of information, the breach of encrypted passwords represents a substantial security risk.

The company has since warned impacted individuals, and recommended changing passwords and usernames. Dominion has also offered a free year of credit monitoring, and ceased using the scheduling services of Onsite Health Diagnostics.

"Dominion regrets the data breach at a third-party vendor," Dominion Resources spokesman C. Ryan Frazier told the Times-Dispatch on July 15. "We are taking this matter seriously and are conducting a thorough review of all of these types of vendors."

Several measures can be taken to ensure the chance of a breach is low, including a security audit carried out on a regular schedule. With this measure, a business is able to investigate various avenues of possible data breaches, for example employee computers or external vendors.

It's also important for companies to build a security culture, one focused on educating employees about the dangers of data breaches.

With a proper understanding, the chance of a breach can be significantly lowered.
