Cyber Incident Victim: Association of National Advertisers

The Association of National Advertisers (ANA) experienced a phishing attack that compromised employee data, as disclosed in a January 24, 2019 letter to former employees. The organization first detected a "possible data security incident" in October 2018, though the exact date of initial compromise remains unspecified in available records. The attack vector involved phishing techniques, though technical specifics regarding the phishing mechanism (such as email content or targeted systems) were not detailed in public disclosures. The incident potentially resulted in unauthorized access to sensitive personally identifiable information (PII) belonging to current and former ANA personnel.

In its January 2019 notification, the ANA confirmed that exposed data included employee names and Social Security numbers, indicating theft of highly sensitive information. The organization did not publicly quantify the number of affected individuals beyond acknowledging impacted "employees" and "former employees." No evidence suggested member organization data or advertiser information was compromised. The breach timeline shows a three-month gap between incident detection (October 2018) and victim notification (January 2019), though the reasons for this delay were not explained in source materials. The ANA's response included direct written notification to former staff but did not disclose whether credit monitoring services or other remediation measures were offered. No subsequent reports confirmed fraudulent use of the stolen data or detailed containment actions taken by the organization.