Breach of the Week: Girl Scouts

What happened:

An unknown party gained access to the Girl Scouts of Orange County organization’s email account last month. Around 2,800 members of the Girl Scouts tribe received a letter about the breach of personal information.

Information accessed includes names, birth dates, home addresses, insurance policy numbers, and health history.  The information was kept for travel purposes and includes members dating back to 2014. The spokeswoman for Girl Scouts of Orange County said that the majority of information stored was nonsensitive with only 300 being categorized as sensitive.

The breach likely occurred from September 30 to October 1.  On September 30 non-Girl Scout related emails were sent out to members, which alerted staff members that a breach occurred.  On the day of detection the organization changed the password and removed all personal information, it is now secure.  In addition to informing members, the organization notified the California attorney general’s office of the breach and suggested that members place fraud alerts on their accounts.