DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Flexible Benefit Service Corporation notifies 5,123 of phishing incident

Posted on March 6, 2018 by Dissent

Illinois-headquartered Flexible Benefit Service Corporation (“Flex”) is a general agency and benefit administrator serving insurance brokers, employers and insurance carriers. As such, they are a Business Associate to HIPAA-covered entities. The follow is from their notification of a security incident that was reported to HHS on February 16, as impacting 5,123 people. Flex does not indicate who the covered entity/health plan was or if members of more than one health plan were affected:

In connection with providing this service, we receive certain personal and protected health information. On December 6, 2017, we learned of phishing emails being sent from a Flex employee’s email account. We took immediate action by immediately changing the employee’s email account credentials and launching an investigation to determine what happened. Third party forensic experts were retained to assist with the investigation. We have determined the Flex employee was the victim of a phishing attack that resulted in their email account credentials being used by unknown individual(s) to gain unauthorized access to the employee’s email account. The investigation shows that the unknown individual(s) searched the email account for emails or attachments containing terms such as “wire transfer,” “wire payment,” and “invoice”. This type of information would not generally be in this employee’s email account. While the only unauthorized activity observed in the account were these searches, we cannot rule out the possibility of the individual(s) gaining access to any specific email or attachment in the account.

What Information Was Involved? Individuals who may have had their information improperly accessed are being sent personalized letters outlining what specific personal data may have been impacted. The personal data that may have been exposed varied, but included data types such as name, address, phone number, Social Security number, and date of birth. We confirmed this issue was contained to a single Flex employee’s email account and did not affect the rest of Flex’s systems.

What We Are Doing. In addition to taking the steps detailed above, Flex is providing those potentially affected with information on how to protect against identity theft and fraud, as well as access to free credit monitoring and identity theft recovery services through ID Experts. Flex is committed to enhancing its ongoing employee training designed to help them identify and properly report potential email phishing scams. Finally, we are providing notice of this event to consumer reporting agencies, state and federal regulators as required.

For More Information. If you have questions that are not answered in this notice, please contact our dedicated assistance hotline at 1-800-547-2519, Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Standard Time.

Additional Resources:

[Frequently Asked Questions]
[Steps You Can Take To Protect Against Fraud and Identity Theft]
[Register for Identity Protection Services]

Related posts:

  • Infinity Rehab and Avamere Health Services notify 380,984 patients about breach at Avamere (with updates)
  • Victims of W-2 phishing scams (2017 list)
Category: Health DataPhishingSubcontractorU.S.

Post navigation

← MY: MCMC and security firm ordered to file defence on data leak (Updated)
Insider Threat Seriously Undermining Healthcare Cybersecurity →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.