[BreachExchange] SoPo Nonprofit Told, Unknown Number of Clients Affected by Data Breach

[Destry Winant]

https://www.ehackingnews.com/2020/02/sopo-nonprofit-told-unknown-number-of.html

A South Australian company, PSL Services, also known as Peregrine
Corporation involved in the operation of service stations, convenience
retail outlets and tobacconists recently disclosed a data breach to
Mainebiz.

The company administered from its head office in Kensington Park,
South Australia told that personal data of its employees including
their names, email accounts, some medical information along with other
sensitive information may have been accessed illegally between
December 16 and December 19, 2019. Other information accessed without
authorization includes address, DOB, Driving License Number, Social
Security Number and Identifying Numbers of clients for participation
in Mainecare.

There have been no speculations made by the corporation as to who is
behind the public breach of its confidential data, however, the
officials told in an email that there are chances that the criminal
behind the incident was trying to force the agency in sending funds
electronically which they did not.

Post-incident, the company was subjected to back to back
investigations and it refused to specify the number of employees being
affected. PSL did not provide other details regarding the incident
such as whether the individuals were clients, employees, family
members or others. As per some news releases, PSL came to know about
the breach on 17th December after some suspicious activity was
observed in an employee's email account, it immediately reported the
same to its information services department.

The corporation told that it had “notified the Office of Civil Rights
at U.S. Department of Health and Human Services, the Maine Attorney
General, and prominent news media outlets throughout the state of
Maine."

Referencing from the statements given by Lori Sanville, executive
director, “The contents of a small number of email accounts were
exposed,”

“The number is unknown until the data mining is completed. We will
then contact anyone affected.”

In regard of the same incident, PSL also contracted with a
cybersecurity vendor to further investigate the matter and come up
with security measures, as per Sanville. In addition, she told
Mainebiz, “We want our clients and the community to know that we take
this matter very seriously and that we remain committed to assisting
our clients first and foremost."