5,123 Individuals Impacted by Flexible Benefit Service Corporation Breach

By Elizabeth Hernandez

Chicago-Il-based general agency and benefit administrator Flexible Benefit Service Corporation (Flex) has revealed that a phishing attack resulted in an unauthorized person gaining access to a corporate email account.

The security breach was first noticed on December 6, 2017 when an email account of a company worker was found to be sending phishing emails. The email account was compromised after a single worker replied to a phishing email and disclosed login details to the email account.

An external forensics company was contracted to carry out an investigation into the breach and ascertain the extent of the attacker’s actions. The investigation emphasized the likely intentions of the hacker. Once access to the email account was obtained, the attacker carried searches looking for details of invoices and wire transfers.

This strongly indicates that the focus of the attack was to use the account in a BEC attack rather than obtain access to protected health information. The forensics company could not confirm whether individual email accounts had been accessed or if protected health information was seen. Were that to be the case, the hacker could potentially have viewed data including names, addresses, phone numbers, Social Security numbers, and birth dates.

Flex is a general agency and benefit administrator which has been in operation for approximately 30 years.

People affected by the incident have been offered free identity theft protection, recovery, and credit monitoring services for 12 months. Flex has reacted by strengthening its internal security awareness and anti-phishing training program for workers.

Twitter Facebook LinkedIn Reddit Link copied to clipboard
Elizabeth Hernandez works as a reporter for NetSec.news. Her journalism is centered on IT compliance and security. With a background in information technology and a strong interest in cybersecurity, she reports on IT regulations and digital security issues. Elizabeth frequently covers topics about data breaches and highlights the importance of compliance regulations in maintaining digital security and privacy. Follow on X: https://twitter.com/ElizabethHzone