A Girl Scouts of America branch in Orange County, California, has suffered a security breach potentially exposing the sensitive personally identifiable information (PII) of thousands of minors.
Unidentified hackers were able to log into the email account used to coordinate travel for its members. Sensitive PII extended as far back as 2014 and included name, date of birth, email, address, driver licence, health history and insurance policy details.
Following the compromise, hackers used the same account to send out emails of their own. The content of the emails has not been revealed but they were likely attempted spear-phishing attacks on members.
According to the UK’s Charity Digital News[NP1], the number of reports of data breaches among charities has doubled over the last two years with education and childcare organisations reporting a 142% increase.
Fraudsters can use children’s details to make financial applications and create a credit history for the child whose identity they’ve stolen. Children typically do not have credit records, so it is likely that any activity surrounding the identity theft will remain undetected for a long time.
UK based technology professional, with an interest in computer security and telecoms.