Cyber Incident Victim: Click2Mail
Date:
Oct 2019
Location:
United States of America
Summary
A cybersecurity incident involving unauthorized access to a mailing service provider's systems resulted in the compromise of customer personal information, including names, organization names, account mailing addresses, email addresses, and phone numbers. The breach enabled unknown parties to send spam emails using registered users' names and email addresses before the intrusion vector was identified and mitigated. While financial data remained unaffected due to the absence of stored credit card information, the organization engaged cybersecurity professionals to conduct forensic analysis and reinforce security protocols. The company acknowledged the incident with regret and emphasized its commitment to protecting customer privacy through existing policies and procedures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 4, 2019, Click2Mail detected unauthorized activity involving registered users' personal information being exploited to send spam emails. The company identified an intrusion point within its systems that same day and immediately closed the access vector to contain the breach. Technical analysis confirmed the compromise of customer data including names, organization names, account mailing addresses, email addresses, and phone numbers. Notably, the company emphasized that no credit card information was exposed during the incident, as such data was not stored on Click2Mail's infrastructure. The spam campaign served as the primary indicator of compromise, revealing malicious use of legitimate customer contact details.
Following containment, Click2Mail retained a professional cybersecurity firm to conduct a forensic review of its IT systems and security protocols. The company notified affected customers through direct communications signed by Privacy Officer Karla Humphrey, acknowledging the privacy violation and apologizing for the incident. Impacted parties were advised to exercise caution regarding suspicious emails and avoid interacting with unknown senders' links. Click2Mail reiterated its commitment to client privacy protections through existing policies and procedures while undertaking security enhancements. Customer inquiries were directed to a dedicated phone support line (1-866-665-2787) for additional assistance regarding the breach.