Cyber Incident Victim: La Posada
Date:
Dec 2021
Location:
United States of America
Summary
A malware infection compromised La Posada's IT systems, restricting access to files and email. The organization engaged law enforcement and forensic investigators, determining unauthorized access to sensitive information potentially affecting current and former employees. Exposed data included personal identifiers such as names, dates of birth, Social Security numbers, driver’s licenses, and passport details, alongside financial records like direct deposit information, medical data including drug/TB test results, explanation of benefits documents, member IDs, and COVID-19 vaccination cards. Following an investigation, notifications were issued to impacted individuals, and the organization initiated a review of security protocols to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 10, 2021, La Posada's IT systems became infected with malware that prohibited access to certain files and email communications. The organization discovered the infection promptly and initiated a response by notifying law enforcement authorities. La Posada engaged third-party forensic investigators to conduct a comprehensive examination of the incident, aiming to determine the nature and scope of the compromise while securing affected network infrastructure. The investigation revealed evidence suggesting unauthorized access to sensitive information stored within the compromised systems. By January 24, 2022, the forensic review concluded, confirming potential data exposure and triggering the identification process for impacted individuals. La Posada began notifying current and former employees about the breach starting February 8, 2022, through individualized letters that detailed the specific types of personal information potentially accessed during the incident.
The malware incident exposed various categories of sensitive employee information, including full names, dates of birth, Social Security numbers, driver's license details, direct deposit banking information, passport numbers, and COVID-19 vaccination cards. Medical-related data such as drug test results, tuberculosis test records, explanation of benefits documents, self-funded medical plan participant information, and member identification numbers were also potentially compromised. In response to the breach, La Posada implemented network security enhancements and initiated a review of existing policies and procedures to strengthen defenses against future incidents. The organization fulfilled regulatory obligations by notifying relevant state and federal authorities about the data exposure. A dedicated assistance line became operational to address inquiries from affected individuals, while the company publicly acknowledged the seriousness of the event and expressed regret for potential inconveniences caused to those impacted by the security failure.