AllOne Health Resources, Inc. Discovers Data Breach After Accidentally Transferring Money To Fraudulent Bank Account | Console and Associates, PC
Recently, AllOne Health Resources, Inc. confirmed that the company suffered a data breach after an unauthorized party gained access to sensitive consumer data contained on AllOne Health’s network. Obviously, AllOne Health discovered the breach after realizing they had wired money to a fraudulent bank account. This prompted the company to investigate the incident, which revealed that an unauthorized party had gained access to an employee’s email account. According to AllOne Health, the breach resulted in the names, addresses, dates of birth, driver’s license numbers, social security numbers and health information of 13,669 people being made accessible to an unauthorized party. On July 15, 2022, AllOne Health filed a formal notice of breach and sent data breach letters to all affected parties.
If you have received a data breach notification, it is essential that you understand what is at risk and what you can do about it. To learn more about how to protect yourself from fraud or identity theft and what legal options are available to you following the AllOne Health Resources data breach, please see our recent article on the subject. here.
What led to the AllOne Health Resources data breach?
According to an official notice filed by the company, in February 2022, AllOne Health’s finance department learned that several wire transfers had been inadvertently sent to a fraudulently created bank account. After making this discovery, the company reported the fraud to the FBI and launched an internal investigation into the incident.
During this investigation, AllOne Health learned that an unauthorized party gained access to an employee’s email account, which they used to perpetrate the fraud. This prompted the company to review all emails and attachments from the compromised email account to determine if any customer data was also accessible to the unauthorized party.
After a thorough review of the employee’s email account, AllOne Health confirmed that an unauthorized party had access to the email account, which contained sensitive consumer data t. The investigation also determined that the unauthorized party had access. Although the information disclosed will vary depending on the individual, it may include your name, address, date of birth, driver’s license number, social security number, and health information. In total, the AllOne Health data breach reportedly affected 13,669 people.
On July 15, 2022, AllOne Health Resources sent data breach letters to everyone whose information was compromised as a result of the recent data security incident.
AllOne Health Resources, Inc. is an insurance company based in Wilkes-Barre, Pennsylvania. Founded in 1971, AllOne Health provides mental health and general health benefits to more than one million employees worldwide. AllOne Health Resources employs over 323 people and generates approximately $112 million in annual revenue.
Email cyberattacks continue to plague US businesses
It looks like AllOne Health was pretty candid in how they found out about the recent data breach. However, one fact the company overlooked is how the unauthorized party gained access to the email account containing the consumer’s data. Email cyberattacks can occur in different ways; however, the most common way hackers use to get an employee’s email account login credentials is through phishing.
Phishing is a type of cyberattack that uses social engineering principles to trick an employee into providing the hacker with the information needed to gain access to the company’s computer system. Phishing attacks start with the attacker sending a seemingly legitimate email; however, they are anything but legit. In most cases, hackers either ask the recipient of the email to provide their login credentials or click on a malicious link.
Once a cybercriminal has collected information through a phishing attack, they can use it to gain access to the organization’s network, where all sensitive information is stored. Often hackers target companies that they know have valuable data that they can then sell or use to commit identity theft or other fraud, such as bank account numbers, card numbers credit card, social security numbers or protected health information.
While a company is certainly among the victims following a phishing attack, the real victims are those whose information is stolen in these cyberattacks. These are the people who have to deal with the consequences of identity theft which, on average, takes months of work and hundreds of dollars to solve.
Businesses are aware of phishing attacks and the threats they pose to consumers. However, phishing attacks remain the most common and successful type of cyber attack. It is imperative that companies take the necessary steps to educate their employees about phishing. These attacks are preventable and companies are in the best position to prevent them.