Cyber Incident Victim: The People Concern

The People Concern, a Los Angeles-based homeless service provider, experienced a security breach involving unauthorized access to employee email accounts. Suspicious activity within these accounts prompted an investigation, which revealed that unauthorized third parties had intermittently accessed the accounts between April 6, 2021, and December 9, 2021. The compromised email accounts contained sensitive personal and health information belonging to community members who had received services through the organization’s programs. Exposed data included individuals’ dates of birth, Social Security numbers, health insurance details, and medical information related to care provided by The People Concern. The breach spanned approximately eight months before being detected through internal monitoring of account activity.

In response to the incident, The People Concern enhanced its email security measures to prevent future unauthorized access. The organization notified affected individuals and offered them complimentary one-year memberships to an identity theft protection and resolution service. According to the HHS Office for Civil Rights breach portal, the incident impacted 7,600 individuals. No additional specifics regarding the exact method of initial access or the identity of the threat actors were disclosed in the available report. The breach investigation focused on securing the compromised accounts and assessing the scope of exposed data without indicating evidence of misuse at the time of disclosure.