Healthcare unicorn Ro is notifying employees of a data exposure involving their personal information after a security contractor “inadvertently” uploaded a spreadsheet of employee data to the internet.
In a data breach notice obtained by TechCrunch from an affected employee who received the notice this week, Ro said it discovered that the contractor uploaded the spreadsheet containing employee’s personal information to an unspecified malware detection platform on July 6.
The spreadsheet contained “personal information related to your employment,” the breach notice read, including employee names, addresses and bank account numbers. It’s not clear what other information, if any, was contained in the spreadsheet.
“Ro immediately worked with the malware detection platform to have the spreadsheet deleted, and at this time, there is no evidence to suggest that there has been any attempt to misuse any of the information,” the breach notification read.
Ro added that the spreadsheet was “accessible to the platform’s paid business subscribers” for five days before it was removed.
