Information Notice according to Art. 34 GDPR to Former Employees

A recent security incident has affected the Telio Groups data systems. As part of this incident, unauthorized access to certain personnel records occurred. This access also affected personal data of former employees. Given that Telio does not have current contact data of all former employees, this public information notice shall enable former employees to gain transparency on the incident.

What happened to the personal data?

Personal data stored by Telio has been encrypted and the attackers accessed and exfiltrated personal data. Currently, to our best knowledge, no personal data has been leaked to the darknet.

What personal data was involved and what could be the consequences?

The personal data affected by the incident consist of standard personnel information deriving from the employment contract such as names, private addresses, private email address as well as employment related data such as health-related data, and financial records (banking details, payroll information).

In such cases, as a consequence, it cannot be ruled out that the exfiltrated personal data may be used on the internet to the detriment of employees, e.g. that banking details are use in online purchases, or that third parties may impersonate the affected individuals otherwise.

What Telio has done and what Telio is doing?

Telio has always implemented security measures in accordance with the latest IT security standards and the recommendations of the Federal Office for Information Security (BSI) as we are BSI IT Grundschutz and ISO27001 certified. Telio immediately isolated affected systems and implemented robust security measures. Authorities have been formally notified of the cyber incident. Telio is working with external cybersecurity experts to clarify the situation and take further protective measures.

What Former Employees Can Do

-Monitor bank accounts and online activities for any suspicious transactions or unauthorized activity.

-Being cautious of unsolicited communications requesting personal information or offering suspicious services.

-If former employees have any questions or concerns or need assistance, they can contact us under DPO@tel.io.

Telio deeply regrets any inconvenience, which may have been caused by this incident.