Employees, Dependents and Beneficiaries affected by Data Breach on Bodybuilding

Bodybuilding.com, the personal fitness and bodybuilding website, has announced that unauthorized individuals may have accessed the information of employees and customers due to a security incident it has experienced.

The breach has been discovered on Feb. 2019 after suspicious activity was noticed on its network. As a result, formal breach investigation has been launched. The breach investigation got completed on Apr. 19, 2019, and all the affected employees were notified regarding exposure of their Protected Health Information (PHI) just as a precautionary measure.

The investigation revealed that access to network has been gained when an employee fall prey to a phishing scam. Although it is believed that the data of employees and customers were not obtained by the unauthorized individuals due to the phishing attack, but the possibility cannot be ruled out. Also, no reports about data misuse were received till date.

As detailed in data incident notification that was published on the help center of the company, this security breach might "have affected certain customer information in our possession" and, also concluded that after investigating this incident with help of "external forensic consultants that specialize in cyber-attacks," Bodybuilding.com says it "could not rule out that personal information may have been accessed".

The breach has been resolved now, and the systems were secured. All the users of this website were forced to do a password reset as a precautionary measure. For the customers, the information possibly obtained has been limited to names, addresses, email addresses, birth dates, phone numbers, profile information, shipping and billing addresses, order histories, and communications with company.

Some employment-related information of Idaho-based fitness retailer's former and current employees, who are also members of company's group health plan, was also exposed. The breach has also affected the enrollees' dependents as well as beneficiaries. The exposed information contains names, dates of birth, contact information, government ID numbers, Social Security numbers, group health plan subscriber information, procedure codes, and claims information.

The breach summary appeared recently on breach portal of Department of Health and Human Services' Office for Civil Rights, which indicates 3,193 former and current employees, dependents, as well as beneficiaries were affected by the breach.

» SPAMfighter News - 5/23/2019