US truck manufacturer breaks bad news to employees and retired workers
UPDATED An investigation at US truck maker Navistar has revealed that a data breach on its systems exposed employee healthcare information.
Navistar hired external cybersecurity experts and began an investigation after learning of a security incident on May 20. By the end of May, the firm had confirmed that an “unauthorized third party had accessed and taken certain data from Navistar’s IT systems”.
On June 7, Navistar filed 8-K papers with the US Security and Exchange Commission, warning investors about the incident. The notification generated press coverage about the incident from Reuters and other outlets, as investigators continued to access the scope and impact of the incident.
By August 20, Navistar’s team had confirmed that attackers had “accessed and taken” the personal information of participants to its healthcare and life insurance plans.
The potentially compromised data included the full names, addresses, dates of birth, and Social Security numbers of an unspecified number of Navistar employees past and present, according to an updated statement by Navistar on the breach.
Navistar began notifying affected individuals, who are each being offered two years of free credit monitoring and identity theft protection, in late September. Those affected are advised to be on the lookout for incidents of fraud and identity theft.
Compromised personal data is commonly used and traded by cybercriminals because it offers a means to run more convincing phishing scams that would seek still more information, or to apply for fraudulent lines of credit under false names.
Navistar employs 13,00 people worldwide. The Daily Swig has asked the firm how many people have been warned that their data had been exposed.
We also asked for comment on whether or not the breach had been notified to law enforcement and, if so, what progress had been made on that front.
No word back as yet but we'll update this story as and when more information comes to hand.
Information disclosed to US regulators reveals that 49,000 records were exposed.