Chicago, IL-based general agency and benefit administrator Flexible Benefit Service Corporation (Flex) has revealed that a phishing attack resulted in an unauthorized person gaining access to a corporate email account.
The security breach was first noticed on December 6, 2017, when a company worker's email account was found to be sending phishing emails. The account was compromised after a single worker replied to a phishing email and disclosed the account's login details.
An external forensics company was contracted to investigate the breach and ascertain the extent of the attacker's actions. The investigation highlighted the likely intentions of the hacker. Once access to the email account was obtained, the attacker carried out searches looking for details of invoices and wire transfers.
This strongly indicates that the aim of the attack was to use the account in a business email compromise (BEC) attack rather than to obtain access to protected health information. The forensics company could not confirm whether individual email accounts had been accessed or whether protected health information was seen. Were that to be the case, the hacker could potentially have viewed data including names, addresses, phone numbers, Social Security numbers, and birth dates.
Flex is a general agency and benefit administrator which has been in operation for approximately 30 years.
People affected by the incident have been offered free identity theft protection, recovery, and credit monitoring services for 12 months. Flex has reacted by strengthening its internal security awareness and anti-phishing training program for workers.