Vimly Benefit Solutions said Friday that it is mailing letters to some of its customers whose information may have been compromised as part of a phishing attempt aimed at Vimly workers. Names, dates of birth, addresses, Social Security numbers and benefits enrollment information may have been compromised, Vimly said.
Phishing involves sending fraudulent emails purportedly from a legitimate company. The emails attempt to trick people into revealing personal information that can be used for identity theft.
Vimly advised the Boise Fire & Police Trust of the incident on Oct. 15. The trust, a fraternal society, is a self-funded health plan that provides hospital, medical, surgical, dental, vision and prescription drug benefits.
In a letter to the Idaho Statesman, Vimly said it discovered on Aug. 19 that an unauthorized individual may have gained access to some Vimly employees’ email accounts three days earlier.
Vimly, based in Mukilteo, Washington, took action to secure the affected email accounts and opened an investigation, the letter said. The company hired a cybersecurity firm to assist in the probe.
Investigators were unable to determined what information, if any, the intruder may have viewed or accessed.
“Vimly is not aware of any fraud or misuse of participants’ information as a result of this security incident,” the company wrote. “In an abundance of caution, Vimly began mailing letter to trust participants on Dec. 13.”
The investigation is continuing, and Vimly said it would provide notice to all participants as new information is learned.
Trust members who do not receive a letter by Jan. 15 are asked to call the company at 833-963-0526.
Mike Journee, spokesman for Mayor David Bieter, could not be reached late Friday to answer how many people may have been affected. A spokeswoman for Vimly was not immediately available.
©2019 The Idaho Statesman (Boise, Idaho). Distributed by Tribune Content Agency, LLC.