[BreachExchange] Up to 2, 100 customer accounts exposed in WHEDA hack

Nora Butkovich nora at riskbasedsecurity.com
Fri Oct 11 16:16:43 EDT 2019 

https://madison.com/wsj/news/local/govt-and-politics/up-to-customer-accounts-exposed-in-wheda-hack/article_2d8a1ec8-b4cc-582b-b4ed-5e9d4a298c8a.html

The Wisconsin Housing and Economic Development Authority (WHEDA) reported
Friday that personal information of more than 2,000 people may have been
exposed through a data breach.

WHEDA Executive Director Joaquín Altoro said an investigation confirmed
that an unauthorized third party gained entry into as many as three WHEDA
email accounts, which may have allowed access to personal information,
including names, social security numbers, drivers license numbers and bank
accounts, for about 2,100 customers who applied for single-family loans.

WHEDA, an independent state authority not funded by tax dollars, said the
attack occurred around Aug. 22 and was discovered Aug. 26. The agency’s
information technology staff disabled access to the compromised accounts,
began an investigation and alerted law enforcement officials.

“This is the first time this has ever happened at WHEDA, and we take this
very seriously,” Altoro said in a written statement. “We regret that this
happened and will work with those affected to reduce any chances for
negative impacts.”

WHEDA said it is unaware of any misuse of customer information as a result
of this incident but will provide one year of identity theft protection and
insurance as well as credit monitoring at no charge to impacted customers
through Experian IdentityWorksSM.

Altoro said WHEDA has tried to reach all potentially affected customers as
well as financial institutions that work with the WHEDA mortgage program.
Customers can call 1-833-704-9390 with questions.

Altoro said WHEDA will continue to monitor the potentially compromised
accounts and will work to further increase security around its email system.

WHEDA works with lenders to provide low-cost financing for housing and
small business development in Wisconsin.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20191011/553521ed/attachment.html>

More information about the BreachExchange mailing list