The California Office of the Attorney General disclosed that Advanced Data Processing, Inc. suffered a data breach on October 1, 2012, caused by an employee’s illegal access and unauthorized disclosure of patient account information. The compromised data included names, dates of birth, Social Security numbers, and record identifiers, though the exact number of affected individuals remains undetermined. Notably, no medical records were accessed, limiting the scope to personally identifiable information (PII) rather than sensitive health data. The breach stemmed from internal misconduct, highlighting vulnerabilities in employee access controls and oversight. While the incident did not involve external cybercriminals or sophisticated hacking techniques, the exposure of SSNs and other PII poses significant risks, including identity theft, financial fraud, and reputational harm to both the company and the affected individuals. The lack of clarity on the number of victims further complicates mitigation efforts, as the full extent of the damage such as potential fraudulent use of the stolen data cannot be precisely assessed. As a healthcare-adjacent service provider, the company’s failure to prevent unauthorized internal access underscores systemic weaknesses in data governance, particularly in sectors handling sensitive personal information. The breach serves as a cautionary example of how insider threats can exploit procedural gaps, even without external cyberattacks.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-37063
TPRM report: https://www.rankiteo.com/company/cdp-inc
"id": "cdp558091725",
"linkid": "cdp-inc",
"type": "Breach",
"date": "6/2012",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Healthcare Data Processing',
'location': 'California, USA',
'name': 'Advanced Data Processing, Inc.',
'type': 'Corporation'}],
'attack_vector': 'Internal (Employee Misconduct)',
'data_breach': {'data_exfiltration': 'Yes (Disclosure by employee)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (SSNs, PII)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Patient Account Information']},
'date_detected': '2012-10-01',
'description': 'The California Office of the Attorney General reported that '
'Advanced Data Processing, Inc. experienced a data breach on '
'October 1, 2012, involving the illegal access and disclosure '
'of patient account information by an employee. The breach '
'potentially affected the names, dates of birth, Social '
'Security numbers, and record identifiers of individuals, '
'although it is unknown how many were affected. No medical '
'information was accessed.',
'impact': {'data_compromised': ['Names',
'Dates of Birth',
'Social Security Numbers',
'Record Identifiers'],
'identity_theft_risk': 'High (PII exposed)'},
'post_incident_analysis': {'root_causes': 'Employee misconduct (illegal '
'access and disclosure)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'threat_actor': 'Employee (Insider)',
'title': 'Advanced Data Processing, Inc. Data Breach (2012)',
'type': 'Data Breach (Insider Threat)'}