Health information belonging to certain current and former clients of human Service nonprofit People Inc., in Rochester, N.Y. might have been breached, the organization announced.
Staff at the organization discovered that an unknown individual had gained access to an email account belonging to an employee. People Inc. staff reset the password required to access the impacted account, the organization announced.
An independent forensics firm was engaged to determine what happened and whether personal information was accessed or acquired without authorization as a result of this incident in February. It was learned that an email account belonging to a second employee might also have been impacted. That account is no longer operational.
On April 1, as a result of this investigation, People Inc. learned that the two email accounts contained personal information belonging to some current and former clients. This personal information might have included names, addresses, Social Security numbers, financial account information, medical information, health insurance information, and/or driver’s license or other government identification numbers.
There is no evidence indicating that any information aside from the information contained within the two employee email accounts was impacted in connection with this incident, according to the organization. Likewise, there is no evidence that any of the information potentially involved in this incident has been misused. People Inc. has reported this matter to the Federal Bureau of Investigation (FBI) and will cooperate as necessary to hold the perpetrators accountable.
Notification letters were sent to all potentially impacted individuals on May 29. The letters include information about the incident and about steps that potentially impacted individuals can take to monitor and help protect their personal information. People Inc. established a toll-free call center to answer questions about the incident and to address related concerns.