walman-logo

Walman Data Security Incident 


On August 21, 2020, Walman’s computer systems experienced a ransomware attack.  During this attack, a third party gained access to our network and a server that stored documents containing Personal Health Information, specifically employee name and optical prescription. This information appeared on invoices for safety eyewear purchased from Walman Optical. Walman does not have contact information for individual employees whose PHI may have been exposed. Out of an abundance of caution, Walman notified employers and provided a list of employees whose name and optical prescription may have been exposed.



Frequently Asked Questions

 

Q:  What happened?

A: On August 21, 2020, Walman’s computer systems experienced a ransomware attack.  During this attack, a third party gained access to our network and a server that stored documents containing Personal Health Information, specifically employee name and optical prescription.  This information appeared on invoices for safety eyewear purchased from Walman Optical. Walman does not have contact information for individual employees whose PHI may have been exposed. Out of an abundance of caution, Walman notified employers and provided a list of employees whose name and optical prescription may have been exposed.

More detail: Walman cooperated with the FBI as they investigated the group that conducted the ransomware attack.  During the course of their investigation, the FBI discovered that information from a Walman server had been downloaded and posted on the Internet. 

Further investigation indicated that the information was downloaded from a single server on Walman’s network.  Walman engaged an independent cyber forensics company to analyze the information on that server.  The analysis determined that limited employee Personal Health Information (PHI), specifically employee name and optical prescription, appears on safety eyewear invoices that were stored on this server.  No additional PHI appears on the invoices. 

An unknown number of these invoices were downloaded from Walman’s server.  Some of the downloaded invoices were displayed on the Internet.  Walman Optical believes the exposed PHI presents a very low risk to employees.  Since Walman does not have contact information for the employees whose PHI may have been exposed, we are notifying employers of the potential exposure of employee’s PHI.

 


 

Q: When did the event occur?

A:  The ransomware attack occurred August 21, 2020.   Walman responded by engaging security experts to stop the attack and restore our computer systems to normal operations.  Walman has implemented several security improvements to strengthen our network and data security.  In addition, we have changed the way we store personal information to reduce potential exposure.

 


 

Q:  What kind of information was exposed in this event?

A: Employee’s Personal Health Information (PHI), specifically employee name and optical prescription, appears on one or more Walman Optical safety eyewear invoices. No additional PHI appears on the invoices.  An unknown number of these invoices were downloaded from Walman’s server.  Some of the downloaded invoices were displayed on the Internet.

 


 

Q:  Why has it taken so long to notify me?

A:  Walman worked with multiple parties including security vendors, the FBI and computer forensics specialists to investigate and remedy the malware attack.  Information security was a primary focus of the investigation.  It has taken some time to complete the investigation and conduct the forensic analysis.  Since Walman does not have contact information for the employees whose PHI may have been exposed, we are notifying their employers of the potential exposure of employee’s PHI. 

 


 

Q:  What is Walman doing in response to the event?

A:  Walman has implemented several security improvements to strengthen our network and data security.  We have also changed the way we store PHI to reduce potential exposure.

 


Q: What you can do.

For additional information employees can access a dedicated hotline at 855.484.1176.  Assistance is available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time.

 


Q:  What is Walman doing to prevent similar events from happening in the future?

A:  Walman implemented several security improvements to strengthen our network and data security.  We have changed the way we store personal information to reduce potential exposure.  In addition, we are launching an enhanced security awareness program to better equip our employees to recognize security risks.

 


Q:  What Services am I being offered?

You can access a dedicated hotline at 855.484.1176.  Assistance is available Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time.



Q:  Who is Kroll?  I thought my information was being held by Walman Optical. 

A:  Kroll has been hired by Walman to provide notification and additional Information following the incident.

 


 

Q:  I received a letter in the mail.  Is this fraudulent, a scam or a real incident?

A: Federal and state laws require that we provide notification by mail.  We can assure you that this incident did occur and thus we are offering the support identified within the notification letter.