People Inc. suffered data breach impacting clients’ Protected Health Information

• The compromised email account contained personal information belonging to some current and former clients including names, addresses, Social Security numbers, bank account information, medical information, health insurance information, and driver’s license or other government identification numbers.
• People Inc is offering free identity protection services to all potentially impacted individuals.

A non-profit organization in Western New York, People Inc. suffered a data breach compromising current and former clients’ personal and health information.

What happened?

On February 19, 2019, People Inc. discovered that an unauthorized person gained access to an employee’s email account. Upon further investigation, the organization learned that a second employee’s email account has also been compromised.

What information was involved?

The compromised email account contained personal information belonging to some current and former clients including names, addresses, Social Security numbers, bank account information, medical information, health insurance information, and driver’s license or other government identification numbers.

What was the response?

• Upon learning the incident, People. Inc immediately reset the passwords for the impacted email accounts.
• The NGO conducted a comprehensive investigation to determine the scope and impact of the incident.
• The organization also hired an independent forensics firm to assist them in the investigation.
• It informed the FBI about the incident and notified the potentially impacted individuals on May 29, 2019.
• People Inc is offering free identity protection services to all potentially impacted individuals.

In the notification letters, People.Inc has requested its clients to remain vigilant by reviewing account statements for any suspicious activity.

“We suggest that you review your debit and credit card statements carefully in order to identify any unusual activity. If you see anything that you do not understand or that looks suspicious, you should contact the issuer of the debit or credit card immediately, People.Inc said in the security notice.