Light Dark
June 3, 2019 By David Bisson 2 min read

People Inc., a nonprofit organization based in New York state, traced a recent data breach to compromised employee email accounts.

On May 29, People Inc. disclosed a data breach that involved personal health information (PHI) belonging to its former and current customers. The human services provider said it uncovered the incident back in February when it observed an instance of unauthorized access involving the email account of one of its employees.

Upon discovering the breach, the nonprofit organization reset the password for the affected account and engaged an independent digital forensics firm to figure out what had happened. This investigation found that unknown individuals had compromised two employee accounts containing customer information, including names, Social Security numbers, financial data and medical records.

People Inc. responded to its discovery by sending out notification letters to all affected customers with instructions to help safeguard their information against identity theft and an offer for complimentary identity protection services through Experian. In addition, the organization set up a toll-free call center to answer questions about the incident.

One of Many Recent Incidents Involving Nonprofits

People Inc. isn’t the only nonprofit organization that’s recently suffered a data breach. In March 2019, for instance, CTV News Channel reported that attackers compromised an electronic medical record system used by Natural Health Services and its parent company Sunniva Inc. In the process, they exposed the PHI of about 34,000 medical marijuana patients.

A month later, NBC News reported on a string of attacks against multiple chapters of a nonprofit organization associated with the FBI that exposed members’ personal information.

How to Defend Against an Email-Related Data Breach

Security personnel can help their organizations defend against a data breach by taking a layered approach to email security. This method should use a security information and event management (SIEM) tool, perimeter protection and email scanning tools to defend against digital threats. Additionally, security professionals should leverage threat intelligence streams to remain aware of threat actors who seek to compromise employee accounts via email.

 |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

April 15, 2024

CISA releases landmark cyber incident reporting proposal

2 min read - Due to ongoing cyberattacks and threats, critical infrastructure organizations have been on high alert. Now, the Cybersecurity and Infrastructure Security Agency (CISA) has introduced a draft of landmark regulation outlining how organizations will be required to report cyber incidents to the federal government. The 447-page Notice of Proposed Rulemaking (NPRM) has been released and is open for public feedback through the Federal Register. CISA was required to develop this report by the Cyber Incident Reporting for Critical Infrastructure Act of…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature