Cyber Incident Victim: PEI-Genesis, Inc.

On July 3, 2020, PEI-Genesis, Inc. detected suspicious activity within an employee’s email account, prompting immediate credential changes and an internal investigation supported by third-party forensic specialists. The investigation revealed unauthorized access to the compromised email account occurred between June 23, 2020, and July 2, 2020. Following this discovery, PEI-Genesis initiated a comprehensive review of the account’s contents to identify individuals whose sensitive information might have been exposed. This review concluded on December 29, 2020, confirming the scope of potentially affected data and the corresponding individuals. The company found no evidence suggesting unauthorized actors viewed, copied, or misused the exposed information during the intrusion window. PEI-Genesis characterized its notification efforts, initiated in March 2021, as precautionary given the absence of confirmed misuse.

The compromised email account contained varied personal and business information, including names, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account details, payment card information, usernames and passwords, health insurance data, and medical treatment or diagnosis records. Impacted individuals received direct notification detailing the incident’s nature, the categories of exposed data specific to them, and protective measures they could undertake. PEI-Genesis did not publicly disclose the number of affected individuals or the exact mechanism of the email account compromise but emphasized its prompt containment actions upon detection. The incident did not disrupt company operations or broader IT systems beyond the targeted email account. No ransomware, data exfiltration, or secondary attacks were reported in connection with the event.