Briggs Stratton Corporation Data Breach (2017)

the breach was a hacking/IT incident resulting a potential unauthorized disclosure of ePHI. Malware was discovered on its systems which potentially gave unauthorized individuals access to the system where ePHI was stored. Access to the system was possible between July 25 and July 28, 2017. Briggs Stratton became aware of the incident on July 25, and took steps to contain the attack. Notifications were delayed until September 30, 2017 due to a law enforcement investigation into the malware attack. The breach impacted 12,789 of its employees and potentially resulted in the exposure of names, addresses, dates of birth, driver’s license numbers, Social Security numbers, health plan IDs, insurance information, passport numbers, work-related evaluations, and login details to its work systems. No evidence of misuse of any health plan data has been uncovered, although employees impacted by the breach have been offered credit monitoring and identity theft protection services for 12 months without charge. Steps have also been taken to improve security to prevent similar incidents from occurring in the future.