Cyber Incident Victim: Pharm-Olam International
Date:
Feb 2016
Location:
United States of America
Summary
Pharm-Olam International experienced a security incident involving unauthorized disclosure of employee W-2 forms, compromising names, addresses, Social Security numbers, and wage information. The company initiated an internal investigation, notified law enforcement and relevant authorities, and offered affected individuals complimentary identity protection services for one year.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 23, 2016, Pharm-Olam International experienced a security incident involving unauthorized disclosure of employee W-2 tax forms. The compromised documents contained sensitive personal information including employee names, addresses, Social Security numbers, and detailed 2015 wage data. The company detected the breach on the same day it occurred and promptly initiated an internal investigation into the circumstances surrounding the disclosure. While the exact method of compromise was not publicly disclosed, the incident resulted in employee data being transmitted to an unauthorized recipient. Pharm-Olam did not specify the total number of affected employees in its notifications or public communications about the event. The nature of the exposed information created significant risks for identity theft and financial fraud against impacted individuals due to the inclusion of Social Security numbers and precise income details.
Pharm-Olam began mailing physical notification letters to affected employees on February 26, 2016, three days after discovering the breach. These communications acknowledged the inadvertent disclosure and apologized for the incident while outlining protective measures available to victims. The company reported the breach to law enforcement agencies and unspecified "appropriate authorities/entities," cooperating with their parallel investigations. As remediation, Pharm-Olam arranged complimentary identity protection services through IDT911, offering affected employees 12 months of credit monitoring and identity theft prevention assistance at no cost. Enrollment instructions for these services were included in the notification letters, which also directed recipients to additional resources through the Vermont Attorney General's website where the full notification was publicly posted. The organization emphasized its regret over the incident and stated it valued employee privacy, though no technical or procedural changes implemented post-breach were detailed in available communications.