In a statement, People Inc. announced that personal information had been exposed after two employee email accounts had been breached.
The non-profit organisation discovered the breach on February 19, 2019 whereby an unknown individual had gained access to an email account belonging to an employee at People Inc. Once identified, People Inc. immediately reset the password of the impacted account and went on to engage with an independent forensics firms to determine whether personal information had been accessed.
Following an investigation, it was identified that a second email account belonging to a second employee may have also been impacted. Both email accounts contained the personal information of current and former clients.
The personal information may have included names, addresses, Social Security numbers, financial information, medical information, health insurance information, and driver’s license data.
In a statement People Inc wrote:
“People Inc. has no evidence indicating that any information aside from the information contained within the two employee email accounts was impacted in connection with this incident.
“In addition, People Inc. has no evidence that any of the information potentially involved in this incident has been misused. People Inc. has reported this matter to the FBI and will cooperate as necessary to hold the perpetrators accountable.”
Adam Laub, senior vice president at STEALTHbits said:
“Email is one of the largest repositories of unstructured data within any organization. Between the messages themselves and the attachments contained within them, email provides a treasure trove of data for external attackers and malicious insiders alike.”
“Technologies retention policies can help to reduce the amount of valuable data made readily available in a breach scenario, but proactive identification of where sensitive information exists within mailboxes can help organizations determine where the hotspots are and which users may need more advanced protections.
“Every business could benefit from this sort of analysis as it’s often an eye-opening experience on just how vulnerable they are.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.