Cyber Incident Victim: Alta Forest Products
Date: Aug 2022
Location: United States of America
Summary
A cyberattack targeting Alta Forest Products compromised protected health information of approximately 2,100 members of its Health and Welfare Plan. Unauthorized access to servers occurred over a multi-week period, potentially exposing names, dates of birth, Social Security numbers, financial account details, and employee health plan enrollment statuses for affected individuals and their dependents. The organization secured its systems upon detection, notified impacted parties, and offered complimentary credit monitoring and identity protection services. Following a forensic investigation that confirmed the risk of data exfiltration during the breach window, the organization implemented security enhancements to prevent future incidents.
Description
Alta Forest Products detected unauthorized access to its systems on September 1, 2022, triggering an immediate response to secure its network and prevent further compromise. Forensic investigations determined the attacker had infiltrated company servers between August 17 and August 31, 2022, during which files containing protected health information of the Alta Forest Products Health and Welfare Plan members were potentially exfiltrated. The exposed data included names, dates of birth, Social Security numbers, financial account numbers, and employee health plan enrollment statuses for certain employees and their dependents. Approximately 2,100 individuals were affected by this breach of the health and welfare plan's records. The organization did not disclose the specific attack vector or whether ransomware was involved, focusing instead on confirmed access periods and data exposure.

Upon confirming the scope of compromised information, Alta Forest Products implemented enhanced security measures for its computer systems and data infrastructure. Notification letters detailing the incident were dispatched to affected individuals on October 31, 2022, more than two months after initial detection. The company offered complimentary credit monitoring and identity protection services to mitigate potential financial fraud risks stemming from the exposure of sensitive identifiers. No disruptions to business operations or additional system compromises were reported following the containment actions. The incident exclusively impacted members of the health and welfare plan rather than broader corporate or customer data systems, with forensic evidence confirming the attacker's access was limited to the specified 15-day window prior to detection.
