On November 13, 2023, Welltok, Inc. filed a notice of data breach with the Attorney General of Vermont after discovering a data breach related to the company’s use of the file-transfer application MOVEit-related. In this notice, Welltok explains that the incident resulted in an unauthorized party being able to access Spectrum Brands employees’ sensitive information. Upon completing its investigation, Welltok began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from Welltok, Inc. discussing information you provided to Spectrum Brands in relation to your employment, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Welltok data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Spectrum Brands Employees?
The Welltok data breach affecting Spectrum Brands Employees was only recently announced, and more information is expected in the near future. However, Welltok’s filing with the Attorney General of Vermont provides some important information on what led up to the breach. According to this source, Welltok operates Cafewell, which is an employee wellness benefit used to help employees make healthy lifestyle changes. In the normal course of business, Welltok uses the secure file transfer program MOVEit.
On May 31, 2023, the creator of MOVEit disclosed a security vulnerability within MOVEit. Once Welltok learned of the vulnerability, it applied all available patches and followed steps to mitigate any potential unauthorized access. Welltok then launched an investigation with the help of outside cybersecurity specialists.
On August 11, 2023, Welltok’s investigation confirmed that an unauthorized party accessed and acquired some confidential data that Welltok transmitted using MOVEit.
After learning that sensitive consumer data was accessible to an unauthorized party, Welltok reviewed the compromised files to determine what information was leaked and which consumers were impacted. Welltok completed this process on October 18, 2023.
On November 13, 2023, Welltok sent out data breach letters to anyone who was affected by the recent data security incident. While Welltok’s publicly available data breach letter does not indicate the specific data types that were compromised, the Welltok data breach letters will be addressed to individual victims and should provide them with a list of what information belonging to them was compromised as a result of the breach.
More Information About Welltok, Inc.
Welltok, Inc. is a healthcare services and support company as well as a subsidiary of Virgin Pulse. Virgin Pulse is a healthcare software company based out of Providence, Rhode Island. The company is partially owned by Virgin Group, a large multinational venture capital conglomerate based out of London, England. Virgin Pulse employs approximately 2,000 people and generates annual revenue of roughly $385 million.