National Veterinary Clinic Faces Data Breach
Table of Contents
- By Steven
- Nov 15, 2022
United Veterinary Clinic (UVC) has more than 100 locations in 23 states. The clinic employs over 4,000 veterinarians, vet techs, customer service representatives, and other necessary employees. In June 2022, the chain noted a security breach and began investigating immediately. In August 2022, the investigation found that the violation involved specific customers' personal information.
How Did the Attack Occur?
The attack most likely occurred through a phishing campaign. A notification letter sent to the Massachusetts Attorney General's Office stated, "We are writing with important information regarding a recent security incident. The privacy and security of the personal information we maintain is of the utmost importance to United Veterinary Care. We wanted to provide you with information about the incident, explain the services we are making available to you, and let you know that we continue to take significant measures to protect your information."
What Information Was Viewed or Stolen?
Luckily for affected pet parents, a limited amount of data is affected. The data concerned is incredibly sensitive; social security numbers, financial information, and names were on the list of exposed information. The investigation was concluded in late October 2022, though the breach occurred between January 25, 2022, and March 11, 2022. UVC sent notifications to the victims on November 3, 2022.
How Did United Veterinary Clinic Admit to the Breach?
The clinic admitted to the breach by sending a notification to the Massachusetts Attorney General's Office and affected customers. While many customers are upset that the clinics took so long to notify the victims, the victims must remember there is more to notifying customers than just alerting them to the breach. If the clinic had sent a notification saying, "Hey! We had a data breach. We don't know who or what was affected or if it had anything to do with you. Have a nice day!" there would have been some issues. An investigation had to be conducted and finished before victims could know about the breach. They want to know precisely what information was affected in the breach, and sending notification letters to all of the clinics' customers would have caused widespread panic and a massive loss of business.
What Will Become of the Stolen Information?
When facing the aftershocks of a data breach, there is an increased chance of fraud, identity theft, and, in some instances, much more violent and problematic real-life consequences. In this breach, however, the hacker will most likely sell the information on the dark web. Financial information is probably the most significant target in this breach. At the same time, the bad actor could easily use social security numbers and names for identity theft and other types of fraud.
What Should Affected Parties Do in the Aftermath of the Breach?
This breach is, in many ways, no different from many other breaches – at least in how you should handle it. The steps we recommend are the same as most other breaches we report. Change your passwords for the United Veterinary Care site, as we don't know if that has something to do with the breach. UVC offers 24 months of free credit monitoring with Equifax, so we recommend accepting that or investing in your own. You can also download or purchase device monitoring software that will alert you to scams or malware, granting you the ability to contact the proper authorities.