SRA International, a government contractor that provides cybersecurity and privacy services, has warned its employees their personal information may have been stolen after hackers planted a virus on its computer network.
The malware was installed on the same network that stored employees’ personal data including names, addresses, dates of birth, health information and social security numbers. Information might also include personal employee details included in security position questionnaires.
Company investigators don’t know whether the information has been intercepted but decided it was appropriate to warn employees of the possibility. SRA doesn’t know if any data has been compromised but is taking the precaution of notifying customers that their data may have been accessed?