Cable manufacturer Belden (NYSE: BDC) has issued an additional notification about the extent of a cybersecurity breach that targeted the company. The update was issued April 7 to notify employees and customers that the cybersecurity attack not only compromised employees’ and former employees’ personal information, but also health-related information, including names, gender and benefits. The attack also gained access to limited information about customers, possibly including integrators.
Belden first reported the original cyberattack on November 24, 2020. The company’s full warning notes:
Belden was the victim of a sophisticated cyberattack that may have exposed the personal information of current and former employees and limited company information regarding some business partners.
On the evening of November 12, 2020, Belden IT professionals detected unusual activity involving certain company servers. We immediately triggered our cybersecurity incident response plan, deployed teams of internal IT specialists and engaged leading third-party cybersecurity forensic experts and other advisors to identify the scope of the incident and to move quickly to mitigate the impact.
Forensics experts determined that we were the target of a sophisticated attack by a party outside the company. In addition to containing personal information of some current and former employees, we subsequently learned that the impacted servers also contained some personal information of some spouses, dependents and relatives of some current and former employees. Further, on or after February 9, 2021, we learned that information exposed in the incident also included health-related information.
The health-related information that may have been compromised as part of this incident included individuals’ names, gender and benefits information, such as their UMI (member) number, group number, coverage category, primary source of coverage, the effective date of coverage, additional sources of coverages, the effective date of any additional coverage, their relationship to a Belden employee and other benefits information. At this time we do not have reason to believe that any specific information related to any specific health conditions or diagnostic information was included in the incident.
As we have previously stated, our investigation into this incident is ongoing. However, we are confident that we have stopped further unauthorized access of personal data on our servers. In addition to notifying law enforcement and regulatory authorities, we are continuously monitoring for any suspicious activity on our systems and have deployed additional resources to reinforce the security of our systems.
Notification letters are being sent to the most recent addresses available for those impacted by the incident. The letters contain a toll-free number affected individuals may call with any further questions and additional information about identity monitoring services Belden is making available to mitigate the potential impact of this incident. In the meantime, potentially affected persons seeking additional information may email email@example.com.