Sensitive information on the Drug Testing Subjects compromised

Tomo Drug Testing based in Springfield city, Missouri, is a provider of the drug screening services. The company has discovered that an unauthorized individual is successful in gaining access to a customer database containing sensitive information of the drug screening subjects, which includes names, driver's license numbers, Social Security numbers, drug test results, and state identification numbers.

As per a statement that was released by Tomo Drug Testing, an unidentified individual has accessed the customer database on Apr. 23, 2019, and then again on May 9, 2019. The statement further stated that this unidentified individual claimed that he/she have downloaded and then removed some information from the customer database.

Tomo Drug Testing discovered this breach on Apr. 23, 2019. The company has launched an investigation immediately, with assistance of the forensic experts, in order to determine the scope and nature of this incident. Although it has not been possible to decide whether the customer database had been stolen and copied, certain items have been found that they were deleted or removed from the customer database.

The customer database seems to be accessed using the compromised credentials. Once the breach was discovered, the password as well as privileges on account that were used for accessing the customer database was changed and the data have been restored from backups. All the data were now migrated to a far more secure system having additional security measures, whereas the previous system was now decommissioned. Tomo Drug Testing continues implementing additional technical safeguards, in order to prevent more incidents from taking place in future.

Determining who has been affected and the kinds of information present in impacted database was a labor-intensive and lengthy process. So only by Jul. 1, 2019, all the individuals impacted by this breach were discovered as well as up-to-date contact information was obtained. As it has not been possible to find the contact information of all the individuals affected, so the substitute breach notice was issued to some state media outlets.

Notification letters now were sent, and the affected individuals were offered complimentary identity theft protection and credit monitoring services as a precautionary measure. Right now, it is not clear how many individuals were impacted.

However, still as a precautionary measure, Tomo is providing the notice letters of this incident to possibly impacted individuals as well as certain state regulators.

» SPAMfighter News - 10/18/2019