The notice was filed Oct. 4, after GPPC realized an unauthorized party gained access to a company email account. This then resulted in the unauthorized party accessing consumers’ private information, including names, addresses, Social Security numbers, financial information, birth dates, medical information and health insurance information.
The unusual activity was initially detected June 12, which was followed by an investigation with the support of third-party cybersecurity experts. On Aug. 6, the investigation confirmed that an unauthorized party had accessed GPPC’s email system between April 6 and June 12.