14 DAY TRIAL // Phoenix House has fallen victim to an incident carried out by an insider, who made unauthorized changes to the payrol systems of the organization and accessed private information of current and former employees.
The individual had been contracted to run some payroll activities for the non-profit entity, but he expanded the activity to accessing confidential data.
Phoenix House is a non-profit organization focused on drug and alcohol rehabilitation. It has operations in ten states, where 150 programs are initiated.
The organization learned about the intrusion on December 22, 2014, but the individual, whose services have been terminated, accessed the info three days earlier.
Following an investigation into the incident, Phoenix House determined that the data exposed consisted of names, addresses, social security numbers, salary and benefit details.
At the moment, there is no evidence that the information has been misused, but since the data can be used for fraudulent activities, the organization is offering all affected people free subscription to an identity protection service for one year.
Michael Berkowitz, Senior VP of the organization, says that Phoenix House will conduct a security audit to check if practices and procedures for handling sensitive information are adequate and minimize the risk of cyber-attack to the lowest level possible.