“An unauthorized party may have accessed a cloud storage system that contained personal information,” the company wrote. “As soon as the Company became aware of the situation, a response plan was initiated and a number of immediate actions were completed, including working with outside counsel to initiate a forensic review by Dell Secureworks, a leading global security firm.”
Sequoia says the cloud storage system contained customers’ names, addresses, dates of birth, gender, marital status, employment status, Social Security numbers, work email addresses, wage data related to benefits, member IDs as well as any other ID cards, COVID-19 test results and vaccine cards that individuals uploaded to the employment system.
Kristin Schaeffer, vice president of public relations at the communications firm AMF Media Group, declined to comment on how many people had their data exposed and are being offered free identity protection services. “At this time our focus and communication is only with our clients,” Schaeffer told WIRED.
The review found no placement of malicious tools or other software such as ransomware; no evidence of any threat to client or company networks; no evidence that the unauthorized party changed any client data; and no evidence of data being used or distributed has been found to date, according to the disclosures.
Earlier this year, California topped the list of states experiencing data breaches over a five-year span. More than 2.3 million data breaches occurred throughout the United States, Guam, U.S. Virgin Islands and the Northern Mariana Islands between 2017 and 2021, generating a total financial loss of $20.1 billion, according to the Forbes Advisor. A total of 325,291 victims were in California during that period, and they lost more than $3.7 billion to these crimes. Florida (198,830 victims), Texas (179,217 victims) and New York (141,170) came in at second, third and fourth, respectively.