Amgen affected by data breach at its vendor, Sirva Relocation

Amgen Inc., a leading biotechnology company, was recently affected by a data breach involving its service provider, Sirva Relocation, LLC, and its parent company, Sirva, Inc. This breach potentially exposed sensitive personal information of individuals associated with Amgen.

The breach occurred between August 16, 2023, and October 17, 2023, when unauthorized actors accessed certain Sirva systems and copied files during this period. On September 29, 2023, Sirva detected suspicious activity and began an investigation, which revealed the extent of the breach. Amgen was notified on August 8, 2024, that some of the data related to its personnel might have been affected.

The breach exposed a wide range of personal data, including:

• Name
• Contact Information
• Non-U.S. Address
• Credit/Debit Card Information
• Date of Birth
• Employment Information, Including Salary
• Financial Accounts Information
• Gender Identification
• Medical/Health Information
• Passport Information
• Sirva File Number
• Social Security Number/Social Insurance Number
• Unique or Other Government-Issued ID Number
• Loan Information
• Taxpayer Identification Number

The severity of this breach is significant due to the nature and breadth of the information exposed, which could lead to identity theft or financial fraud if misused. You can find more details about the breach in the disclosure on the Massachusetts Attorney General's website and the California Attorney General's website.

Amgen Inc.'s Response

Upon learning of the incident, Amgen took immediate action to understand the scope and impact of the breach. The company worked closely with Sirva to investigate the incident and assess the security of the affected systems. Amgen has also collaborated with Sirva to enhance security measures to prevent such incidents in the future. Furthermore, Amgen has notified relevant law enforcement and regulatory bodies, ensuring compliance with legal requirements.

To support those potentially affected, Amgen has engaged Kroll, a global leader in risk mitigation, to provide identity monitoring services at no cost. These services include credit monitoring, identity theft restoration, and fraud consultation, among others.

Steps to Take if You Are Affected

If you believe your information may have been compromised in this breach, it is crucial to remain vigilant. Here are some steps you can take:

1. Activate Identity Monitoring Services: Utilize the identity monitoring services provided by Kroll. Visit Kroll's enrollment page to activate your services before the specified deadline.
2. Monitor Your Accounts: Regularly check your financial accounts and credit reports for any suspicious activity. You are entitled to one free credit report annually from each of the three major credit bureaus.
3. Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert or credit freeze on your credit file. This can help prevent unauthorized access to your credit information.
4. Report Suspicious Activity: If you detect any unauthorized transactions or suspect identity theft, report it immediately to your financial institution and law enforcement.

For further assistance, you can contact Kroll at (866) 997-0255 or reach out to Amgen's Human Resources for more information.