Threat Watch

Third-Party Benefits Administrator Suffers Data Breach

Bay Bridge Administrators (BBA), a third-party employee benefits administrator, just announced this week that they were the victim of a cyber-attack. It was revealed that threat actors gained access to the Bay Bridge servers in August of 2022. That access was then used to remove personally identifiable information (PII) and protected health information (PHI). That information included names, addresses, birth dates, Social Security numbers, ID and driver’s license numbers, and medical and health insurance information. At this time, no evidence of misuse has been discovered, but this does not mean threat actors won’t use the information to carry out various other attacks in the future.


Affected parties are being notified by BBA and should not refrain from asking BBA how they plan to remediate the issue. Staying vigilant after becoming a victim of a data breach is extremely important. Refraining from interacting with unfamiliar senders who request payment or other personal information is a crucial element of such vigilance. Since Social Security numbers were part of the impacted data in this case, affected parties should reach out to credit bureaus and the Social Security Administration (SSA). Credit history should be regularly reviewed by affected parties. Any unusual credit occurrences should be reported as fraudulent to the aforementioned entities as soon as possible, as well as to the FBI and any associated lenders.