On November 13, 2023, Welltok, Inc. filed a data breach notice with the Vermont Attorney General after discovering a data breach related to the company’s use of the MOVEit-related file transfer application . In the advisory, Welltok explains that the incident allowed an unauthorized party to access sensitive information of Spectrum Brands employees. Once its investigation was completed, Welltok began sending data breach notification letters to everyone whose information was affected by the recent data security incident.
If you receive a data breach notification from Welltok, Inc. regarding information you provided to Spectrum Brands in connection with your employment, it is essential that you understand what is at risk and what you can do to address it . A data breach attorney can help you learn more about how to protect yourself from fraud or identity theft, as well as discuss your legal options following the Welltok data breach. For more information, please see our recent article on the subject here.
What caused the data breach affecting Spectrum Brands employees?
The Welltok data breach affecting Spectrum Brands employees was only recently announced and more information is expected in the near future. However, Welltok’s filing with the Vermont Attorney General provides important information about what led to the breach. According to this source, Welltok operates Cafewell, which is an employee wellness benefit used to help employees make healthy lifestyle changes. In the normal course of business, Welltok uses the secure file transfer program MOVEit.
On May 31, 2023, the creator of MOVEit disclosed a security vulnerability within MOVEit. Once Welltok became aware of the vulnerability, it applied all available patches and followed steps to mitigate any potential unauthorized access. Welltok then launched an investigation with the help of external cybersecurity specialists.
On August 11, 2023, Welltok’s investigation confirmed that an unauthorized party accessed and acquired certain confidential data transmitted by Welltok using MOVEit.
After learning that sensitive consumer data was being accessed by an unauthorized party, Welltok reviewed the compromised files to determine what information had been disclosed and which consumers were affected. Welltok completed this process on October 18, 2023.
On November 13, 2023, Welltok sent data breach letters to anyone affected by the recent data security incident. Although Welltok’s publicly available data breach letter does not indicate the specific types of data that were compromised, Welltok data breach letters will be addressed to individual victims and should provide them with a list of information belonging to them which were compromised as a result of the breach. .
More information about Welltok, Inc.
Welltok, Inc. is a healthcare services and support company and a subsidiary of Virgin Pulse. Virgin Pulse is a healthcare software company based in Providence, Rhode Island. The company is partly owned by Virgin Group, a large multinational venture capital conglomerate based in London, England. Virgin Pulse employs approximately 2,000 people and generates annual revenue of approximately $385 million.
