Florida Healthy Kids Corporation, a manager of the Florida KidCare program, was recently victimized by a phishing scam. On July 25, 2017, some employees received phishing emails in their inboxes. A few company staff responded to email and unintentionally gave the hackers access to the sensitive data of the KidCare program members. The company only discovered the phishing attack the following day and immediately blocked the access to the compromised email accounts. Even though mitigations to avert the effects of the breach were prompt, the hackers already accessed the email accounts including their sensitive data for around 24 hours.
During this time frame, it’s very likely that emails were viewed and sensitive data duplicated. Despite the fact that no report was received regarding the misuse of the compromised information, it cannot be certain that no information was really stolen.
An examination of the affected email accounts showed that the private data of 2,000 persons was possibly accessed. Florida Healthy Kids Corporation sent notifications by mail to 1,700 persons on September 7, 2017 regarding the potential compromise of their personal data. It was not possible to contact the other 300 persons because there was no valid contact information on record. A substitute breach notification was posted on the healthykids.org website and on the online accounts page of all affected persons so they would know about the breach the next time they login to their accounts.
The information that was possibly compromised include names, phone numbers, addresses, Social Security numbers and family account numbers. Because there was no password disclosed, the hackers were not able to access the Florida KidCare online family accounts. Persons affected by the breach were given credit monitoring services for one year at no cost via LifeLock. Florida Healthy Kids Corporation stated that updates to policies and procedures will be implemented to avert the same breaches from happening again.