The Alcohol & Drug Testing Service (TADTS) is notifying roughly 750,000 people that their personal information was compromised in a July 2024 data breach.
TADTS is based in Texas and was until recently known as the Texas Alcohol and Drug Testing Service. It provides workplace and individual alcohol and drug testing services in Texas and other states.
The incident, TADTS says, was identified on July 9, 2024, and involved unauthorized access to and the theft of data maintained in its systems.
The investigation into the potentially compromised information, conducted with the assistance of a professional data mining team, was concluded only recently, and determined that personal information was included in the stolen data.
Potentially compromised information, TADTS says, includes names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, other ID numbers, financial and credit card information, health insurance details, biometric information, login credentials, emails and passwords, and USCIS or alien registration numbers.
“Note this list describes general categories of information present within the affected systems and includes categories that may not apply to each potentially impacted individual,” the organization says in a data breach notice on its website.
The potentially compromised information was provided “in connection with screening tests you consented to in relation to current or past employment,” TADTS notes in the written notification letter sent to the affected individuals, a copy of which was submitted to the Maine Attorney General’s Office.
After containing the incident, TADTS reset all passwords, implemented additional monitoring tools, improved its endpoint detection protocols, and reported the attack to law enforcement and the relevant authorities.
The organization says it is not aware of any fraud or identity theft resulting from the incident, but recommends that the potentially affected individuals monitor their credit reports and account statements, and that they report suspicious activity in their accounts to financial institutions.
TADTS told the Maine AGO that 748,763 individuals were impacted by the data breach and that it would not provide them with free identity theft protection services.
While TADTS did not share details on the type of cyberattack it fell victim to, the infamous BianLian ransomware group took credit for the intrusion on July 14, 2024, claiming the theft of roughly 218 gigabytes of data.
It is unclear whether the hackers released the stolen information publicly, as their Tor-based leak site is currently offline and the group has been quiet for months, with their last known victim announced on March 31.
Related: 1.4 Million Affected by Data Breach at Virginia Radiology Practice
Related: Ransomware Group Claims Attack on Belk
Related: Ingram Micro Restores Systems Impacted by Ransomware
Related: Hunters International Shuts Down, Offers Free Decryptors as It Morphs Into World Leaks
