Cyber Incident Victim: NorthBay Healthcare Corporation

NorthBay Healthcare Corporation experienced a data breach involving unauthorized access to applicant information managed by its third-party vendor, Jobscience Inc. Jobscience notified NorthBay on October 3, 2018, that an external attacker had compromised its online employment application management system. The breach exposed personally identifiable information (PII) of individuals who applied for positions at NorthBay between December 2012 and May 2018. Compromised data included first and last names, home addresses, dates of birth, email addresses, Social Security numbers, and alien registration numbers. While financial information such as credit card details remained unaffected, the stolen PII created significant identity theft risks. NorthBay confirmed the breach through Jobscience’s forensic investigation but found no evidence of misuse of the exposed data at the time of disclosure.

In response, NorthBay issued breach notifications via a template filed with California’s Office of the Attorney General and provided affected applicants with complimentary one-year subscriptions to Experian’s IdentityWorks Credit 3B service. This offering included credit monitoring, identity theft detection, and resolution support. NorthBay collaborated with Jobscience to implement security enhancements, including forced password resets across affected systems. The organization emphasized remedial measures to prevent recurrence but did not disclose technical specifics of the vendor’s security shortcomings. No legal or operational disruptions beyond the notification and credit monitoring efforts were cited in the public disclosure.