Center for Alternative Sentencing and Employment Services

The Center for Alternative Sentencing and Employment Services, known as CASES, is a United States-based organization that provides services to individuals involved in the justice system. Its core mission, as indicated by its name, focuses on developing and implementing alternative sentencing programs and employment support services. These services are designed to offer structured, community-based options in lieu of traditional incarceration, aiming to reduce recidivism and promote successful reintegration. The organization works directly with clients, managing sensitive personal information that includes clinical treatment details, identification numbers, and other private data necessary for program participation and case management. CASES operates within the social services and criminal justice reform sectors, positioning itself as a provider of rehabilitative solutions that address both sentencing alternatives and workforce development needs for its clientele.

In July 2020, CASES experienced a significant data security incident involving the unauthorized access to multiple employee email accounts over an extended period. The breach compromised a wide array of client information, including names, dates of birth, medical or client identification numbers, and specific clinical treatment details. For a subset of affected individuals, the exposed data also included more sensitive financial and identity information such as health insurance data, financial account numbers, Social Security numbers, or driver’s license numbers. Following the discovery of the breach, the organization engaged external cybersecurity experts to conduct a forensic investigation and determine the scope of the incident. CASES subsequently notified all individuals whose information may have been accessed, established a dedicated support line to address concerns, and offered complimentary credit monitoring services to those whose financial or identity data was potentially exposed. As part of its remediation efforts, the organization implemented specific security enhancements to its digital infrastructure and conducted mandatory staff retraining on email security protocols and data handling procedures to prevent future occurrences. This incident underscores the critical nature of the data CASES maintains and its operational responsibility to protect the privacy of the vulnerable populations it serves.