Cornwell Quality Tools has disclosed a significant data breach that compromised the sensitive information of nearly 104,000 individuals.
The incident involved unauthorized access to the company’s network, resulting in the exposure of both personally identifiable information (PII) and protected health information (PHI).
According to the company’s report, the security incident was first identified on or around December 12, 2024, when an unauthorized third party successfully infiltrated Cornwell’s internal computer systems.
A subsequent investigation determined that the attackers had accessed and potentially exfiltrated files containing a vast amount of sensitive data.
The breach affected a total of 103,782 people. The inclusion of protected health information suggests the exposed data could belong to employees enrolled in company health plans, in addition to other individuals whose data was stored on the compromised network.
The scope of the compromised data is particularly concerning due to its highly sensitive nature. The investigation confirmed that stolen information includes full names, Social Security Numbers, detailed medical information, and financial account numbers.
The combination of PII and PHI makes victims highly susceptible to a range of malicious activities. This type of comprehensive data set is highly valued by cybercriminals, who can use it for sophisticated identity theft schemes, financial fraud, and targeted phishing attacks that leverage personal health details for credibility.
Cornwell Quality Tools began notifying the affected individuals via postal mail on September 4, 2025, nearly nine months after the initial breach was discovered.
The notification letters provide details about the incident and are intended to inform individuals whose data was confirmed to be involved.
The significant delay between the breach’s discovery and the notification can leave victims unknowingly exposed to fraud for an extended period. However, such timelines can sometimes result from complex forensic investigations.
Individuals who receive a data breach notification from Cornwell are urged to take immediate steps to protect themselves. Security experts recommend that victims closely monitor their financial statements and credit reports for any unusual activity.
Placing a credit freeze or fraud alert with the major credit bureaus is a critical proactive measure to prevent criminals from opening new accounts.
Furthermore, all affected parties should be highly vigilant against potential phishing emails, text messages, or phone calls that may use the stolen information to appear legitimate. The notification letter provides more information regarding the legal rights of those impacted.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
Source link
