Fedcap Rehabilitation is in the process of notifying 2,200 individuals of a data security incident which may have seen their confidential information compromised.
New York-based provider of vocational training and employment resources, is alerting 2,158 current and former clients about a recent security breach.
In May 2019, Fedcap Rehabilitation, a New York-based provider of vocational training and employment resources, discovered a fraudulent wire transfer has occurred. Investigators immediately launched an enquiry into the incident, and on May 28, 2019, they determined that an unauthorized individual had gained access to several employee email accounts.
With the help of a leading third-party cyber forensics organization, Fedcap discovered that the unauthorized individual had gained access to employee email accounts between September 20, 2018, and January 27, 2019.
Although the primary aim of the hacker appears to have been to commit wire transfer fraud, the employee email accounts contained confidential information about Fedcap clients. Therefore, the hacker may have viewed this confidential information.
Fedcap and its forensic investigators reviewed the emails and attachments in the affected accounts. They determined that the types of information affected by the breach includes client names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, bank account and routing numbers, payment card information, medical history, diagnoses, medication and medical treatment information, healthcare provider names, and health insurance member and group members.
Fedcap has not uncovered any evidence to suggest that the unauthorized individual has copied, altered, or exfiltrated this information. However, as some of the information stored on the account is highly sensitive and has the potential to be used in fraud, Fedcap decided to treat the incident as a data breach.
Fedcap sent breach notification letters to all 2,158 affected individuals on August 29, 2019. The organization has also established a dedicated call center which individuals can contact should they require more information about the breach.
Individuals whose Social Security numbers or drivers license numbers were compromised in the breach have been offered complimentary credit monitory and identity theft protection services.
In the Notice of Data Security Incident placed on their website, Fedcap stated: ‘Fedcap regrets any inconvenience or concern this may cause. Fedcap has taken steps to help prevent a similar incident from occurring in the future, including the implementation of multi-factor authentication for email, as well as additional procedures to further expand and strengthen its security processes.’
Fedcap has advised all clients affected by the breach to monitor their accounts for any signs of fraud carefully and contact the relevant authorities at the first instance should any suspicious activity be detected.