PA: Allegheny Intermediate Unit notifying employees, dependents, and vendors about last year’s ransomware incident

A breach first reported in February 2020 involving Allegheny Intermediate Unit now has a press release that relates to it. At the time, AIU, which is a unit of the Pennsylvania Department of Education, notified its employees but didn’t think any sensitive information had been accessed. Yesterday, they issued a press release that said that there had been access to information about some current and former employees, as well as their dependents and beneficiaries if they participated in AIU’s health of other benefit plans. That would likely put some of this under HIPAA.  The incident also reportedly impacted sole proprietor vendors who received an IRS Form 1099 from the AIU (for tax years 2013 through 2020). The information in the files included names, addresses, email addresses, dates of birth, and Social Security numbers. AIU’s full notice can be found on their web site at https://www.aiu3.net/Page/4522. There is nothing on HHS’s public breach tool at this time. The incident was first disclosed on the Conti threat actors leak site in January, 2020. Conti dumped almost 2,300 files and claimed that that was 50% of what they had exfiltrated.    DataBreaches.netRead More