Sustainable technology firm Johnson Matthey experienced a data breach involving over 6000 employee records. The London-based company disclosed the incident in a letter, acknowledging the breach occurred due to a third-party error. Despite emphasizing its commitment to safeguarding employee data, the breach revealed “employment-related documents” containing sensitive details such as names, Social Security numbers, and dates of birth.
The breach was discovered on February 15th, 2024, when Johnson Matthey identified files containing US employees’ personal information stored on a third-party platform. An investigation revealed that a contractor, hired by the company, had inadvertently left the files on the platform after completing their work. These files may have been accessible on the platform without adequate access controls since 2020, highlighting a concerning lapse in security protocols.
Although there is no evidence of unauthorized access or downloading of the data, the absence of access controls on the external platform raises significant security concerns. Johnson Matthey is taking proactive steps to address the breach, including retrieving the files, removing them from the external platform, and offering two years of identity protection to affected employees. Despite these measures, the incident underscores the importance of robust cybersecurity practices to protect sensitive employee information from potential breaches.
