Hackers breached the Orange County, Calif. branch of the Girl Scouts of America, potentially exposing personal information for 2,800 members and their families.
According to the Girl Scouts of Orange County, an unknown threat actor gained access to an email account operated by the organization and used it to send messages.
The account was compromised from Sept. 30 to Oct. 1, Girl Scouts of Orange County notified every member whose data has been compromised.
“Out of an abundance of caution, we are notifying everyone whose information was in this email account,” Salcido added.
According to GSOC, the account was used in the past to arrange travel for group members and for this reason hackers may have been able to obtain personal data with their account access.
In a letter sent to members, Christina Salcido, vice president of mission operations for GSOC, confirmed that attackers may have accessed to names, birth dates, home addresses, insurance policy numbers and health history for some members.
Experts warn of possible social-engineering-based cyber attacks leveraging the exposed info.
GSOC will improve the security of the portal used to arrange the members’ travels and in response to the incident deleted any email containing their data
(Security Affairs – Orange County, hacking)