According to an inquiry into the US truck manufacturer Navistar, a network data breach at the company exposed employee healthcare information. Navistar employs around 13,000 people worldwide.
Previously, CIM reported that Navistar confirmed a data breach has taken place, but at the time, it was unknown what information was accessed by the attackers.
When Navistar learned about the security breach on May 20, it recruited outside cybersecurity specialists and launched an investigation. By the month’s end, the company had acknowledged that an “unauthorized third party had gained access to and taken data from its IT systems.”
Navistar filed 8-K paperwork with the US Securities and Exchange Commission on June 7, alerting investors about the issue. The notice garnered press coverage from Reuters and other publications as investigators continued to assess the breadth and effect of the event.
“The company, with the assistance of third-party experts, continues to investigate and address the scope and impact of the cybersecurity incident,” Navistar said in a filing.
By August 20, Navistar’s team had established that attackers had “accessed and stolen” personal information from members of the company’s healthcare and life insurance programs.
According to an updated statement on the breach, the company stated that the potentially exposed data includes the full names, residences, dates of birth, and Social Security numbers of an undisclosed number of Navistar workers, both past and current.
In late September, Navistar began informing impacted people that they would receive two years of free credit monitoring and identity theft protection. Those who have been impacted are encouraged to keep an eye out for fraud and identity theft cases.
Around the world, Navistar employs around 13,000 people. It’s unclear how many of them were notified that their information had been compromised.
It’s also unknown whether law enforcement had been alerted and, if so, what progress had been made in that regard.