Abbott Laboratories

The California Office of the Attorney General disclosed a data breach at Abbott Laboratories on **January 19, 2019**, stemming from a misplaced portable drive handled by a third-party auditor. The incident exposed sensitive employee information, including **names and Social Security numbers (SSNs)**, though the exact number of affected individuals remains unspecified. The breach did not involve a targeted cyber attack or malicious intrusion but rather resulted from **human error**—the physical loss of a storage device containing unencrypted or inadequately secured data. Such exposures heighten risks of identity theft, financial fraud, or phishing attacks targeting the affected employees. The company likely faced regulatory scrutiny under data protection laws (e.g., California’s **CCPA** or federal **HIPAA** if healthcare-related data was involved), alongside potential reputational damage and internal policy reviews to prevent future lapses in third-party vendor oversight. The incident underscores vulnerabilities in **data handling protocols**, particularly when external auditors or contractors manage sensitive corporate information.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-144435

TPRM report: https://www.rankiteo.com/company/abbott-

"id": "abb759082025",
"linkid": "abbott-",
"type": "Breach",
"date": "1/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare / Medical Devices',
                        'location': 'United States (California)',
                        'name': 'Abbott Laboratories',
                        'type': 'Corporation'}],
 'attack_vector': 'Physical Loss (Misplaced Portable Drive)',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High (includes SSNs)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2019-01-19',
 'description': 'The California Office of the Attorney General reported that '
                'Abbott Laboratories experienced a data breach on January 19, '
                '2019, potentially impacting employee information, including '
                'names and Social Security numbers. The breach involved a '
                'portable drive that was misplaced by a third-party auditor.',
 'impact': {'data_compromised': ['Employee names', 'Social Security numbers'],
            'identity_theft_risk': 'Potential (due to exposed SSNs)'},
 'post_incident_analysis': {'root_causes': 'Misplacement of a portable drive '
                                           'by a third-party auditor'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Abbott Laboratories Data Breach (2019)',
 'type': 'Data Breach'}