Girl Scouts data breach exposed personal information of 2,800 members
31.10.2019 securityaffairs
Incindent

A Girl Scouts of America branch in California suffered a security breach, hackers accessed data of 2,800 girls and their families.
Hackers breached the Orange County, Calif. branch of the Girl Scouts of America, potentially exposing personal information for 2,800 members and their families.

According to the Girl Scouts of Orange County, an unknown threat actor gained access to an email account operated by the organization and used it to send messages.

Girl Scouts of America branch in California

The account was compromised from Sept. 30 to Oct. 1, Girl Scouts of Orange County notified every member whose data has been compromised.

“Out of an abundance of caution, we are notifying everyone whose information was in this email account,” Salcido added.

According to GSOC, the account was used in the past to arrange travel for group members and for this reason hackers may have been able to obtain personal data with their account access.

In a letter sent to members, Christina Salcido, vice president of mission operations for GSOC, confirmed that attackers may have accessed to names, birth dates, home addresses, insurance policy numbers and health history for some members.

Experts warn of possible social-engineering-based cyber attacks leveraging the exposed info.

GSOC will improve the security of the portal used to arrange the members’ travels and in response to the incident deleted any email containing their data