Healthcare unicorn, Ro notifies employees of a data exposure involving their personal information after a security contractor “accidentally” uploaded a spreadsheet of employee data to the internet.
In a data breach report obtained by todaybusinessupdates.com from an affected employee who received the report this week, Ro said it discovered that the contractor uploaded the spreadsheet containing the employee’s personal information to an unspecified malware detection platform on July 6.
The spreadsheet contained “personal information related to your employment,” the breach notice said, including names, addresses and bank account numbers of employees. It’s not clear what other information, if any, was in the spreadsheet.
“Ro immediately worked with the malware detection platform to have the spreadsheet removed, and at this time there is no evidence to suggest an attempt was made to misuse the information,” the breach notice said.
Ro added that the spreadsheet was “accessible to the platform’s paid business subscribers” for five days before it was removed.
When reached out, Ro spokesman Meg Pianta declined to name the malware detection platform. “We believe in transparency and have sent a report out of caution,” Pianta said. The spokesperson declined to say what assurances he received from the malware detection platform that there was no other access to the spreadsheet.
Pianta said no customer or patient data has come to light from the incident.
It’s not uncommon for companies to rely on services such as VirusTotal, an online malware scanner that allows users to simultaneously check suspicious files against dozens of antivirus engines at once. VirusTotal also gives other paying customers access to files uploaded by others to the database for security research, but warns users not to “submit any personal information”.
Over the past year, Ro has gone through a wave of changes, largely on the staff front. In June, the company cut 18% of its workforce to “manage spending, increase the efficiency of our organization and better align our resources with our current strategy,” the leadership wrote in an email obtained by todaybusinessupdates.com and confirmed by multiple sources.
Weeks earlier, Modern Fertility co-founder Afton Vechery, who sold her business to Ro in May 2021, left the company. And weeks later, Ro’s Co-Founder and Chief Growth Officer Rob Schutz stepped down from his current position and took up an advisory position. All of this came after the company raised money from existing investors at a valuation of $7 billion. It was an increase from Ro’s previous valuation, about $5 billion, but the actual capital raised itself was less than the previous round.
Ro’s biggest challenge since its inception has been going beyond its core business: erectile dysfunction. The company said that, in addition to the pharmacy acquisition and growth, it launched Ro Mind for mental health and Ro Derm for skin care. In a statement following todaybusinessupdates.com’s October investigation into Ro’s culture and business, CEO Zachariah Reitano said Derm is on track to generate more than $20 million in revenue by 2021. He also said that non-Roman revenues are growing faster than Roman, reportedly 150% year on year.
Still, it’s unclear if Ro’s recent departure is related to tensions first exposed by current and former employees in October 2021, when the cohort spoke to todaybusinessupdates.com about churn resulting from a frenetic executive strategy. Some describe a culture that prioritizes growth above all else, including the actual efficacy of its products. The company has since addressed some of those criticisms, saying in an internal memo that its “mantra for the rest of the year (and possibly beyond) will be growing with discipline.”
However, as recent data exposure shows, that growth continues to come with volatility, especially for the workforce.