Tandem Diabetes Care, Inc. (NASDAQ: TNDM) today announced that it will be notifying its customers of an information security incident involving five Tandem employee email accounts.
On January 17, 2020, the Company learned that an unauthorized user gained access to an employee’s email account through a “phishing” incident. The Company immediately secured the account and began an investigation, utilizing the expertise of a leading cyber security firm. The investigation determined that a limited number of Company employee email accounts may have been accessed by the unauthorized user between January 17, 2020 and January 20, 2020. The investigation determined that some customer information was contained within these email accounts, including customer contact information, information related to the use of Tandem’s products or services, and/or clinical data regarding customer diabetes therapy, and in some very limited instances, customer Social Security numbers.
The Company has no indication that any customer information was accessed by the unauthorized user and there has been no indication that any customer information has been misused. In an abundance of caution, the Company will begin mailing letters to affected customers explaining the incident on March 17, 2020. The Company recommends that customers review billing statements from their healthcare providers and contact the provider if they are asked to pay for services not received. For those customers whose Social Security numbers were involved, the Company is offering a complimentary membership of credit monitoring and identity protection services.
“We take the protection of our customer data very seriously, and regrettably, we did not meet the high standard we set to prevent this type of phishing attack from occurring,” said John Sheridan, president and chief executive officer. “We apologize this incident took place and are continuing to invest in cyber security and data protection safeguards. In addition, we are implementing additional email security controls and strengthening our user authorization and authentication processes.”
Expenses associated with this incident, as well as additional security measures taken by the Company, are expected to be within its previously announced financial operating plans.
Customers impacted by this incident can call 1-844-971-0675 with any questions Monday through Friday, between 6:00 am and 5:30 pm Pacific Time. If customers believe they are affected by this incident, and do not receive a letter by April 17, 2020, the call center can provide them with more information.
About Tandem Diabetes Care, Inc.
Tandem Diabetes Care, Inc. (www.tandemdiabetes.com) is a medical device company dedicated to improving the lives of people with diabetes through relentless innovation and revolutionary customer experience. The Company takes an innovative, user-centric approach to the design, development and commercialization of products for people with diabetes who use insulin. Tandem’s flagship product, the t:slim X2™ insulin pump, is capable of remote software updates using a personal computer and features integrated continuous glucose monitoring. Tandem is based in San Diego, California.
Tandem Diabetes Care is a registered trademark and t:slim X2 is a trademark of Tandem Diabetes Care, Inc.
This press release contains “forward-looking statements” within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, that concern matters that involve risks and uncertainties that could cause actual results to differ materially from those anticipated or projected in the forward-looking statements. These forward-looking statements include statements concerning Tandem’s security incident on its email system, the implementation of remedial actions that are intended to prevent similar events from occurring in the future and anticipated expenses associated with this event and any corrective measures. These statements are subject to numerous risks and uncertainties, including our ability to implement additional procedures and security measures on a timely basis or at all, the potential that unauthorized persons may use other means to access our internal networks, the possibility that we may later discover that additional customer data was compromised or that compromised customer data has been misused, the possibility of incurring additional expenses to remediate that compromise or if for any other reason our actual expenses are higher than we presently anticipate, as well as other risks identified in our most recent Annual Report on Form 10-K, and other documents that we file with the Securities and Exchange Commission. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date of this release. Tandem undertakes no obligation to update or review any forward-looking statement in this press release because of new information, future events or other factors.