Cyber Incident Victim: SundaySky

On January 8, 2023, SundaySky Inc. identified unauthorized access to its U.S. cloud-based servers, prompting immediate containment measures. The company secured its systems, notified law enforcement agencies, and initiated a forensic investigation to determine the scope and nature of the incident. The investigation confirmed that an unauthorized actor had copied certain files containing consumer information from SundaySky's environment. While the company did not disclose the exact intrusion method or duration of unauthorized access prior to detection, it verified that the compromised data included consumers' first names, personal email addresses, and Healthcare Savings Account-related information. No evidence suggested the exposure of full names, Social Security numbers, or financial account numbers beyond HSA details. The breach impacted 37,095 individuals, as documented in the company's filing with the U.S. Department of Health and Human Services Office for Civil Rights (HHS-OCR) on March 7, 2023.

SundaySky completed its review of affected files in early March 2023, confirming the specific data elements involved and identifying impacted consumers. The company began mailing individualized breach notification letters to all affected parties on March 7, 2023, consistent with regulatory requirements. No ransomware deployment or financial extortion demands were mentioned in available disclosures. As a New York-based software provider founded in 2007, SundaySky specializes in video experience platforms for business clients, maintaining additional offices in Tel Aviv and Tokyo. The breach did not disrupt core business operations, with the company continuing to serve its enterprise customers throughout the incident response process. No subsequent attacks or additional data exposures related to this incident have been reported following the containment actions implemented on January 8.