Thousands of individuals may have had their personal information exposed after hackers used a successful phishing attack to springboard to an email server belonging the Kentucky Department for Community Based Services.
How many victims? Approximately 2,500.
What type of personal information? Names, addresses and ID codes used by the agency.
What happened? In July, a DCBS employee responded to a phishing email, allowing attackers to find their way to a database on the agency's server, which contained information on youth who transitioned out of the foster care system due to age.
What was the response? Agency officials immediately disabled the account after detecting unauthorized activity. The Kentucky Cabinet for Health and Family Services (CHFS), which oversees DCBS, notified affected individuals.
Details: Cabinet officials said there was no evidence that sensitive information in the email account was stolen, and that the attacker likely wanted to spam more people though the state's email server.
Source: healthcareitnews.com, Healthcare IT News, “2,500 involved in Kentucky data breach,” Sept. 19, 2012.