Light Dark
June 3, 2019 By David Bisson 2 min read

People Inc., a nonprofit organization based in New York state, traced a recent data breach to compromised employee email accounts.

On May 29, People Inc. disclosed a data breach that involved personal health information (PHI) belonging to its former and current customers. The human services provider said it uncovered the incident back in February when it observed an instance of unauthorized access involving the email account of one of its employees.

Upon discovering the breach, the nonprofit organization reset the password for the affected account and engaged an independent digital forensics firm to figure out what had happened. This investigation found that unknown individuals had compromised two employee accounts containing customer information, including names, Social Security numbers, financial data and medical records.

People Inc. responded to its discovery by sending out notification letters to all affected customers with instructions to help safeguard their information against identity theft and an offer for complimentary identity protection services through Experian. In addition, the organization set up a toll-free call center to answer questions about the incident.

One of Many Recent Incidents Involving Nonprofits

People Inc. isn’t the only nonprofit organization that’s recently suffered a data breach. In March 2019, for instance, CTV News Channel reported that attackers compromised an electronic medical record system used by Natural Health Services and its parent company Sunniva Inc. In the process, they exposed the PHI of about 34,000 medical marijuana patients.

A month later, NBC News reported on a string of attacks against multiple chapters of a nonprofit organization associated with the FBI that exposed members’ personal information.

How to Defend Against an Email-Related Data Breach

Security personnel can help their organizations defend against a data breach by taking a layered approach to email security. This method should use a security information and event management (SIEM) tool, perimeter protection and email scanning tools to defend against digital threats. Additionally, security professionals should leverage threat intelligence streams to remain aware of threat actors who seek to compromise employee accounts via email.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 30, 2024

AI cybersecurity solutions detect ransomware in under 60 seconds

2 min read - Worried about ransomware? If so, it’s not surprising. According to the World Economic Forum, for large cyber losses (€1 million+), the number of cases in which data is exfiltrated is increasing, doubling from 40% in 2019 to almost 80% in 2022. And more recent activity is tracking even higher.Meanwhile, other dangers are appearing on the horizon. For example, the 2024 IBM X-Force Threat Intelligence Index states that threat group investment is increasingly focused on generative AI attack tools.Criminals have been…

April 29, 2024

The major hardware flaw in Apple M-series chips

3 min read - The “need for speed” is having a negative impact on many Mac users right now. The Apple M-series chips, which are designed to deliver more consistent and faster performance than the Intel processors used in the past, have a vulnerability that can expose cryptographic keys, leading an attacker to reveal encrypted data. This critical security flaw, known as GoFetch, exploits a vulnerability found in the M-chips data memory-dependent prefetcher (DMP). DMP’s benefits and vulnerabilities DMP predicts memory addresses that the…

April 25, 2024

NIST’s role in the global tech race against AI

4 min read - Last year, the United States Secretary of Commerce announced that the National Institute of Standards and Technology (NIST) has been put in charge of launching a new public working group on artificial intelligence (AI) that will build on the success of the NIST AI Risk Management Framework to address this rapidly advancing technology.However, recent budget cuts at NIST, along with a lack of strategy implementation, have called into question the agency’s ability to lead this critical effort. Ultimately, the success…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature