On February 15, 2021, Exceltox Laboratories experienced a data breach when a shipment containing sensitive personal information related to COVID-19 tests was lost during transit. The compromised data included highly confidential details such as full names, addresses, phone numbers, Social Security numbers, dates of birth, gender, medical provider information, patient IDs, test types, collection dates, and insurance details. The breach was reported to the California Office of the Attorney General on May 7, 2021. The exposure of such extensive personal and medical data poses significant risks, including identity theft, financial fraud, and unauthorized access to sensitive health records. The incident highlights vulnerabilities in the secure handling and transportation of physical documents containing protected health information (PHI). While the exact cause of the package’s disappearance remains undisclosed, the breach underscores the critical need for robust safeguards in managing and transmitting sensitive data, particularly in healthcare settings where patient confidentiality is paramount.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-540660
TPRM report: https://www.rankiteo.com/company/exceltox-laboratories-.-llc.
"id": "exc252082125",
"linkid": "exceltox-laboratories-.-llc.",
"type": "Breach",
"date": "2/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare/Diagnostics',
'location': 'California, USA',
'name': 'Exceltox Laboratories',
'type': 'Private (Laboratory/Healthcare)'}],
'data_breach': {'data_exfiltration': 'Physical loss (missing package during '
'delivery)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSN, medical, and '
'insurance details)',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2021-02-15',
'date_publicly_disclosed': '2021-05-07',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Exceltox Laboratories on May 7, 2021. The '
'breach occurred on February 15, 2021, when a package '
'containing personal information from COVID-19 tests went '
'missing during delivery. The compromised information includes '
'full name, address, phone number, Social Security number, '
'date of birth, gender, medical provider, patient ID, test '
'type, collection date, and insurance details.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive personal and '
'medical data',
'data_compromised': ['Full name',
'Address',
'Phone number',
'Social Security number',
'Date of birth',
'Gender',
'Medical provider',
'Patient ID',
'Test type',
'Collection date',
'Insurance details'],
'identity_theft_risk': 'High (due to exposure of SSN, DOB, and '
'other PII)'},
'post_incident_analysis': {'root_causes': 'Physical loss of package '
'containing sensitive data during '
'delivery'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA) (likely)'],
'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Exceltox Laboratories Data Breach (2021)',
'type': 'Data Breach (Physical Loss)'}