Security News > 2023 > October > City of Philadelphia discloses data breach after five months

The City of Philadelphia is investigating a data breach after attackers "May have gained access" to City email accounts containing personal and protected health information five months ago, in May. While officials discovered the incident on May 24 following suspicious activity in the City's email environment, the investigation found that the threat actors may have accessed emails in the compromised email accounts for at least two months after the City became aware of the incident.

"However, to date, the investigation determined that between May 26, 2023 and July 28, 2023, an unauthorized actor may have gained access to certain City email accounts and certain information contained therein," the breach notice says.

Demographic information, such as name, address, date of birth, social security number, and other contact information; medical information, such as diagnosis and other treatment-related information; and limited financial information, such as claims information.

City officials are yet to provide details on how the attackers breached the City's email accounts and the reasons behind the delay in disclosing the incident for five months.

As reported by The Philadelphia Inquirer, the City's Department of Behavioral Health and Intellectual Disability Services also disclosed a HIPAA breach in June 2020 after the personal health information of individuals it served was compromised following a March phishing attack.

Casio discloses data breach impacting customers in 149 countries.

News URL

https://www.bleepingcomputer.com/news/security/city-of-philadelphia-discloses-data-breach-after-five-months/