[BreachExchange] New York-based Non-Profit People Inc. Suffered Data Breach

Destry Winant destry at riskbasedsecurity.com
Mon Jun 3 09:35:29 EDT 2019 

https://latesthackingnews.com/2019/06/02/new-york-based-non-profit-people-inc-suffered-data-breach/

Another day, another breach. Reportedly, a non-profit organization
based in New York fell prey to a security incident. The firm People
Inc. suffered data breach after losing the integrity of an employee’s
email account to the hackers.

People Inc. Suffered Data Breach

According to the security notice published on their website, the firm
People Inc. suffered a data breach. The incident has supposedly
exposed the personal information of their clients to the attacker.

The non-profit human service company deems the hacking of an
employee’s email account the source of the breach. As stated in their
notice, the agency noticed the data breach in February 2019, when they
spotted unauthorized access to one of their employees’ accounts.
Although, they quickly reset the password for the account. However,
scratching the surface further unveiled another impacted account.

By April 2019, the investigations revealed that the two affected email
accounts contained personal information of the customers. Regarding
the extent of breached details, the notice reads,

This personal information may have included names, addresses, Social
Security numbers, financial account information, medical information,
health insurance information, and/or driver’s license or other
government identification numbers.

Although, the firm has not mentioned the specific number of customers
affected by this incident. Nonetheless, BizJournals hints the number
to be nearly 1000, including present and former clients.

Security Measures Taken

Upon noticing the breach, People Inc. acted quickly to contain the
attack. They immediately reset the password for the first hacked email
account. Whereas, the second one is also now non-operational. After
the incident, the firm sent email notifications on May 29, 2019, to
the customers impacted during the breach. Besides, they also assure no
misuse of the impacted data.

People Inc. has no evidence indicating that any information aside from
the information contained within the two employee email accounts was
impacted in connection with this incident.  In addition, People Inc.
has no evidence that any of the information potentially involved in
this incident has been misused.

More information about the BreachExchange mailing list