Data breach at Alcohol & Drug Testing Service affects nearly 750,000

The Alcohol & Drug Testing Service said it suffered a significant data security incident that compromised the sensitive personal data of roughly 750,000.

 

Headquartered in Houston, Texas, Texas Alcohol and Drug Testing Service helps  companies develop a drug-free workplace.

 

In a data security incident notice published on its website, TADTS said that on July 9 2024, it identified suspicious activity within its internal network. The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

“Through additional investigation, we confirmed that some of our data had been downloaded by an unauthorised actor,” TADTS said.

 

The compromised data included names, dates of birth, Social Security numbers, driver’s license & government-issued identifications, passport numbers, bank or financial information, credit and debit card information, usernames and passwords, emails and passwords, health insurance information, USCIS or alien registration numbers, and biometric information.

 

In a filing with the Office of Maine Attorney General, TADTS said that it has identified at least 748,763 individuals impacted by the incident.

 

“Upon becoming aware of the Incident, we immediately implemented measures to further strengthen the security of our systems and practices, including resetting all passwords and implementing additional monitoring tools on top of our existing protocols.  We also reported this matter to federal law enforcement,” TADTS added.

 

While TADTS found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

 

 

On July 14 2024, the BianLian ransomware group claimed responsibility for the cyber attack on TADTS and listed it as a victim on its data leak site. The group claimed to be in possession of  to 218GB of confidential organisational data, including finance data, HR data, PII records, PHI records, test results, internal and external email correspondence and more.

 

TADTS has neither confirmed the group’s claims nor disclosed whether a ransom was paid.