The California Office of the Attorney General reported on March 13, 2020, that Foundation Medicine, Inc. experienced a data breach involving unauthorized access to an employee’s email account. The breach initially occurred when phishing communications compromised the account on December 17, 2019, and was discovered on January 14, 2020. The breach may have affected the protected health information of individuals, including full names, dates of birth, ages, and test information; however, financial information and Social Security Numbers were not involved.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-188282
TPRM report: https://www.rankiteo.com/company/foundation-medicine
"id": "fou518072525",
"linkid": "foundation-medicine",
"type": "Breach",
"date": "12/2019",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Foundation Medicine, Inc.',
'type': 'Company'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Dates of birth',
'Ages',
'Test information']},
'date_detected': '2020-01-14',
'date_publicly_disclosed': '2020-03-13',
'description': 'Unauthorized access to an employee’s email account '
'compromised protected health information of individuals.',
'impact': {'data_compromised': ['Full names',
'Dates of birth',
'Ages',
'Test information']},
'initial_access_broker': {'entry_point': 'Email Account'},
'post_incident_analysis': {'root_causes': 'Phishing attack leading to email '
'account compromise'},
'references': [{'date_accessed': '2020-03-13',
'source': 'California Office of the Attorney General'}],
'title': 'Foundation Medicine, Inc. Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Email Account Compromise'}