Data breach of over 500 customers reported by regional service provider
Personal data of over 500 Valley Mountain Regional Center customers was accidently posted online, according to the organization.
On July 14, VMRC posted a list of vendors that fund customers who live independently. That list also included the names, addresses, phone numbers, vendor and service codes, and a description of services provided of 529 customers.
The California Department of Developmental Services alerted VMRC of the breach nine days later, on July 23. The information in the list was online for 18 hours before it was taken down. The leak did not include Social Security numbers or other financial account information of customers, according to VMRC.
There is no evidence, as of Thursday, the information was used for any nefarious means, according to VMRC executive assistant Lizzie Valerio.
“Steps have been taken to ensure similar reports are not posted with consumer information in the future. As a precautionary measure, VMRC recommends that individuals remain vigilant by reviewing their medical records,” reads a press release from VMRC.
Customers who have any questions related to the breach were urged to contact VMRC’s privacy officer at 209-926-2703 or via email at privacyofficer@vmrc.net.
VMRC is nonprofit that has a contract with the state of California to provide services to children and adults with developmental disabilities. The Stockton-based agency serves about 1.3 million people across five counties, including Stanislaus County.
According to the law media site ClaimDEPO, VMRC settled for $2.2 million for a data leak that happened in July 2023. After an investigation, it was discovered the information was hacked out of VMRC’s network. The leaked information included names, Social Security numbers, driver’s license numbers, medical information and health insurance information.
In a letter to affected customers shortly after the incident, VMRC stated that it “implemented several measures to enhance our security posture and reduce the risk of similar future incidents.”