Data Security Event: Specialized Alternatives for Families & Youth of America, Inc. (Delphos, OH)
Specialized Alternatives for Families & Youth of America, Inc. (SAFY) announced on September 11, 2020, that a data security incident affecting the email accounts of some employees may have permitted the personal information of certain individuals to be accessed by unauthorized parties.
The breach was first discovered after SAFY was alerted to a scam that involved fraudulent job postings on their behalf listed on Indeed.com. Following this discovery, a 3rd party cybersecurity & forensic specialist firm was hired to conduct a thorough internal investigation.
The comprehensive scope of the investigation uncovered the specific SAFY employee accounts which had been compromised. It also found that the unauthorized admissions into SAFYs systems had occurred between February 25th and June 23rd of the same year. Regrettably, the analysis was unable to determine exactly how much information had been illicitly impacted.
However, since the compromised email accounts were known, SAFY was able to determine which segments of sensitive data were affected and the potential pool of individuals who may have been affected. As early as August 27, 2020, SAFY had obtained a final list of victims and confirmed their identities.
In their notice to affected persons, SAFY stated that the full name, as well as other data elements, may have been retrieved. There is no current evidence to suggest that the data has been misused.