Computer breach in Brewer-Porch Children’s Center exposed personal information

University of Alabama said that a computer security incident of 2009 involving a Brewer-Porch Children's Center server might have exposed certain personal information of around 1,400 former clients, medical providers and employees.

In June, the staff while preparing one old server of Brewer-Porch for disposal has learned about unauthorized login activity in between October 24, 2009, and December 9, 2009. The unauthorized login activity was from outside of United States. This incident may affect any client of Brewer-Porch who has received services from them in between September 27, 2002, and December 9, 2009, as well as any medical providers and employees working for the Brewer-Porch during the same time period.

University of Alabama announced on July 16, 2019, that it was contacting the former employees as well as clients who might were affected by this decade-old security breach. University of Alabama is offering free identity theft protection and credit monitoring services for one year to the affected clients, medical providers and employees. University of Alabama will also provide complete information on how to address and monitor possible credit issues.

"We do not have evidence that personal information was in fact accessed or used," said John McGowan, vice provost for IT and the chief information officer of the university. "However, because there was an opportunity for access, we have set up a dedicated call center, created an incident website, mailed notices to employees and medical providers, and issued a press release in an effort to notify the 727 former clients and 641 former and current employees and medical providers whose personal data was stored on that server in 2009".

That server included client information like names, Social Security numbers, dates of birth, phone numbers and addresses of client along with parents/guardians, insurance providers, demographic profiles, billing codes, diagnoses, admission dates and discharge dates. While employee/medical provider information in that server included names, Social Security numbers, addresses, dates of birth, billing credentials, demographic information, other employment related-information, as well as other not so sensitive information like language spoken, issue date of driver's license, expiration date of driver's license, employment title/position.

Employees, clients, or medical provider's credit card information or other banking information was not stored on that server.

McGowan said that "we sincerely regret this incident occurred, and we apologize to anyone affected".

» SPAMfighter News - 8/14/2019