On May 3, an intruder compromised the web mail account of an HDSA executive. The purpose was likely to facilitate a fraudulent wire transfer from HDSA’s bank account, as the transfer could only occur if an email sent to the executive’s account was approved.
The attempt failed, as the executive discovered the compromise on May 6 when she couldn’t login to her account.
Although the fraudulent transfer was thwarted, the email account contained the names, addresses, and Social Security numbers of HDSA employees as well as some information on board members, donors and vendors. It is not clear from HDSA’s notification whether there was any evidence that any of the personal information had actually been accessed.
Those affected were notified on or about July 22 and offered a year of free credit monitoring and identity recovery services.