Insurance company Johnson & Johnson has disclosed a data breach impacting the personal information of thousands of people.
Johnson & Johnson, which has no connection to the US pharmaceutical giant, informed the Maine Attorney General’s Office late last week that it had detected a security breach on its network in mid-August 2024.
The company launched an investigation and took steps to enhance its security after discovering the intrusion.
“The third-party digital forensic investigation determined that your personal information could have been compromised. Specifically, files related to our insurance practice were stored in a J&J network location that was subject to unauthorized activity,” Johnson & Johnson is telling impacted individuals.
It’s unclear exactly what type of information may have been compromised, but it’s likely sensitive considering that impacted individuals are being offered free credit monitoring and identity restoration services.
“Please note that we have no evidence at this time that any of your personal information has been misused as a result of the incident,” the company noted.
The firm has told the Maine AG that more than 3,200 individuals are impacted by the data breach.
Johnson & Johnson has not shared any other information on the attack. No known ransomware group appears to have taken credit for the intrusion.
*article updated throughout to clarify that the impacted Johnson & Johnson is not the US pharmaceutical giant, as the initial version of the article wrongly stated.
Related: IBM Discloses Data Breach Impacting Janssen Healthcare Platform
Related: Personal, Health Information Stolen From Pharma Giant Cencora
Related: Pharmaceutical Giant Eisai Takes Systems Offline Following Ransomware Attack
Related: Healthcare’s Ransomware Epidemic: Why Cyberattacks Hit the Medical Sector With Alarming Frequency