Investment firm Bridgewater Associates recently began notifying [PDF] former and rehired employees that a database containing information on former employees who elected to receive COBRA health benefits was breached on or around April 11, 2013 (h/t DataBreaches.net).
The database, hosted by Ceridian, contains employees’ names, birthdates, Social Security numbers, addresses, dates of separation from Bridgewater, type of separation, benefit plans elected while employed at Bridgewater, premiums and due dates, eligibility for continuing COBRA coverage, and the same information for any dependents.
The breach was discovered when a Bridgewater consultant’s password used to access the database was changed without the consultant’s permission. Upon further investigation, it became clear that the changed credentials were used to access the database on three separate occasions.
All those affected are being offered one year of free identity and credit protection services from Equifax.