People Inc. says an employee email account was the source.
People Inc., one of western New York’s largest non-profit agencies, has revealed a data breach which has exposed sensitive medical information belonging to current and former clients.
This week, the non-profit human services agency said that an employee email account appears to be the source of the leak, in which a vast array of client data has been exposed.
In total, it is reported that up to 1,000 clients may be involved.
People Inc. offers residential care, employment assistant, community outreach programs, healthcare, and recreation schemes for seniors, the vulnerable, and both the families and those who have disabilities.
The non-profit discovered the breach on February 19, 2019. An unknown hacker had managed to infiltrate an email account belonging to an employee of the organization. A second email account may have also been compromised, but People Inc. has not been able to verify whether or not this is the case.
The accounts in question contained personal, sensitive information belonging to clients. Names, addresses, Social Security numbers, financial data, medical information, health insurance details, and government IDs have potentially been compromised and stolen.