Cyber Incident Victim: Manquen Vance
Date:
Nov 2020
Location:
United States of America
Summary
Manquen Vance, a Michigan-based health plan broker specializing in municipal clients, experienced a security incident involving unauthorized access to an employee's email account over a multi-week period. The breach exposed individuals' names, Social Security numbers, and health insurance information. The organization detected suspicious activity, secured the compromised account promptly, and initiated an investigation which confirmed the intrusion but did not identify specific email or attachment access. Notification letters were distributed to potentially affected parties approximately five months following discovery of the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 16, 2020, Manquen Vance, operating as Cornerstone Municipal Advisory Group, detected suspicious activity within an employee's email account. The Michigan-based health plan broker and consultant specializing in municipal clients immediately reset the compromised account credentials and initiated an internal investigation to assess the incident's scope. Forensic analysis determined that unauthorized actors had accessed the email account during a 16-day period spanning from November 1 to November 16, 2020. Investigators could not confirm whether specific emails or attachments were viewed or exfiltrated during this window. The compromised email account contained sensitive member information including full names, Social Security Numbers, and health insurance details.
Manquen Vance began notifying affected individuals through mailed letters on April 2, 2021 – nearly five months after detecting the breach. The notification described the email account intrusion timeframe but did not disclose technical details about the attack vector or whether multi-factor authentication protected the compromised account. No evidence suggested misuse of the exposed data at the time of notification. The company's public disclosure emphasized its municipal client specialization but did not specify the number of impacted individuals or identify affected client organizations. Forensic investigators concluded the unauthorized access period without identifying subsequent malicious activity within the email system after credential reset.