Cyber Incident Victim: National Domestic Workers Alliance

In October 2014, the National Domestic Workers Alliance (NDWA), an organization advocating for standardized domestic worker legislation across U.S. states and nationally, experienced an unauthorized intrusion into its email system. The breach exposed personally identifiable information and financial details belonging to some employees. Upon discovering the unauthorized activity, NDWA promptly initiated a forensic investigation to determine whether personal data had been accessed. The compromised email accounts contained sensitive information including social security numbers, deposit account numbers, and insurance enrollment details. By October 16, 2014 (referenced as the Thursday prior to the October 20 article date), NDWA began notifying affected individuals via letters signed by Finance and Operations Director Tara Ellison. These communications outlined the types of exposed data and acknowledged the intrusion’s occurrence, though investigators could not conclusively confirm whether attackers had exfiltrated specific records.

The organization advised impacted employees to contact their financial institutions and place fraud alerts on their accounts to complicate unauthorized credit applications. NDWA offered affected individuals a one-year complimentary membership to identity protection services as a remedial measure. The forensic investigation’s inability to verify data access left residual uncertainty regarding the exact scope of potential misuse. No external attacker motives, techniques, or attribution details were disclosed in the notification letters or subsequent public statements. The incident primarily risked financial fraud and identity theft against employees whose banking and insurance information resided in the breached email accounts, with no mention of compromised member or donor data. NDWA’s response focused on individual mitigation steps rather than systemic changes to its email infrastructure.