A ransomware attack on the Indianapolis Housing Agency exposed Social Security numbers, addresses, and other sensitive data.
Indianapolis Housing Agency (IHA), a federally-funded government housing agency that provides low-income families access to affordable housing, started sending out letters to thousands of affected residents.
According to the letter, IHA noticed “unusual activity” in the organization’s IT systems on October 24, 2022. Later investigation determined that IHA became a victim of a ransomware attack.
The letter IHA sent to users says there’s no evidence that threat actors “actually used or misused” the data they have obtained via the attack.
However, IHA admitted that leaked information may have involved resident names, addresses, and dates of birth.
A breach notification filed with the Office of the Maine Attorney General specifies that the leaked data may include Social Security numbers (SSNs).
Once stolen, SSNs, individual names, and other sensitive data quickly end up on underground marketplaces, where cybercriminals can buy the data to use in whichever way they like.
According to the letter IHA sent to affected residents, the organization will provide identity protection services and a $1m insurance reimbursement policy.
Several recent data leaks involved threat actors stealing user SSNs. Five Guys, the American fast-food chain, had its systems breached with threat actors accessing sensitive employee data.
More from Cybernews:
Subscribe to our newsletter