Community Memorial Health System Data Breach

Posted on behalf of Arnold Law Firm on May 06, 2020 in Data Breach

NOTICE: If you are an employee of Community Memorial Health System, and you have received a NOTICE OF DATA BREACH, contact the Arnold Law Firm at (916) 777-7777.

notes on a data breachCommunity Memorial Health System (CMHS) in Ventura, California, uses outside vendor PaperlessPay Corp. to house paystubs and assist with W-2 forms for its employees.

On February 19, 2020, the Department of Homeland Security (DHS) alerted PaperlessPay Corp. that their clients’ employee data was for sale on the dark web. PaperlessPay Corp. confirmed that an unauthorized party gained access to their SQL service on February 18, 2020.

On March 20, 2020, PaperlessPay Corp. notified CMHS about the cyberattack. CMHS disclosed the data breach to their employees, stating that potentially compromised information is associated with paycheck stubs and tax forms, and may include:

  • full names
  • addresses
  • pay and withholdings information
  • bank account numbers
  • Social Security numbers

CMHS is offering credit monitoring and identity theft protection services and is urging employees to take precautionary measures, such as changing account passwords and setting up fraud alerts with credit reporting agencies.

CMHS is a community-owned, nonprofit healthcare provider comprised of two hospitals and several family-practice health centers serving Ventura County.

PaperlessPay Corp., claims to have hosted 8 million paystubs and delivered over 106 million W-2 forms. The company provides electronic paystubs under the product names my-eStub.com and PPCStubs.com for the staff of hospitals, utility providers, and other employers. It is unknown how many of PaperlessPay Corp.’s 1500 clients or how many of the company’s 2.3 million enrolled users were affected by the security incident.

PaperlessPay Corp. was founded in 2007 and is based in Jacksonville, Florida. The company’s estimated annual revenues are $7 million. The company has not yet posted a public statement about the security incident or issued a formal notice to affected individuals.

If you are an employee of CMHS, and you have received a NOTICE OF DATA BREACH regarding this incident, contact the Arnold Law Firm at (916) 777-7777 to discuss your situation and possible legal options.