People Inc. Suffers Data Breach

Exploit: Employee email account breach
People Inc.: New York’s largest non-profit organization providing services for seniors, families, and individuals with developmental disabilities

Risk to Small Business: 1.555 = Severe: A compromised email account gave hackers access to an extensive amount of client and patient information. Security officials believe that a brute force attack exploited a weak employee password, and a simple password reset secured the account. However, it was later discovered that the company knew of the breach as early as February, which makes their recent acknowledgement of the incident especially alarming.

Individual Risk: 2 = Severe: The compromised email account included vast amounts of client and patient information. Names, addresses, social security numbers, financial data, medical information, health insurance information, and government IDs were all accessible to hackers. This information can quickly spread on the Dark Web, and clients or patients should be vigilant about acquiring identity and credit monitoring services as a precaution against credential misuse.

Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: This incident underscores the importance of cybersecurity best practices in any organization. A simple oversight gave hackers access to a single account, which compromised the information of 1,000 people. Every organization needs to prioritize training and oversight as a cybersecurity must-have. This data breach, like many others, was entirely preventable, and no organization wants to bear the financial and reputational burden of an avoidable oversight.