Indianapolis Housing Agency breach exposed data of over 200k residents

A ransomware attack on the Indianapolis Housing Agency exposed Social Security numbers, addresses, and other sensitive data.

Indianapolis Housing Agency (IHA), a federally-funded government housing agency that provides low-income families access to affordable housing, started sending out letters to thousands of affected residents.

According to the letter, IHA noticed “unusual activity” in the organization’s IT systems on October 24, 2022. Later investigation determined that IHA became a victim of a ransomware attack.

The letter IHA sent to users says there’s no evidence that threat actors “actually used or misused” the data they have obtained via the attack.

However, IHA admitted that leaked information may have involved resident names, addresses, and dates of birth.

A breach notification filed with the Office of the Maine Attorney General specifies that the leaked data may include Social Security numbers (SSNs).

Once stolen, SSNs, individual names, and other sensitive data quickly end up on underground marketplaces, where cybercriminals can buy the data to use in whichever way they like.

According to the letter IHA sent to affected residents, the organization will provide identity protection services and a $1m insurance reimbursement policy.

Several recent data leaks involved threat actors stealing user SSNs. Five Guys, the American fast-food chain, had its systems breached with threat actors accessing sensitive employee data.

Other notable names involved in losing personal user data include Nissan North America, Florida Department of Revenue, and Lutheran Social Services of Illinois.