Ohio-headquartered The Millennia Companies are involved in housing management. On some date that this site does not yet know, they learned that there had been unauthorized access to some employee email accounts between October 21, 2019 and
December 18, 2019.
“The Millennia Companies immediately launched an investigation in
consultation with outside cybersecurity professionals who regularly investigate and analyze these types of situations to analyze the extent of any compromise of the email accounts and the security of the emails and attachments contained within them,” they write.
Their investigation and review concluded on May 27, 2021, and revealed that the compromised accounts
contained a limited amount of personal information, including full names and one or more of the following: Social Security numbers, driver’s license numbers, state identification numbers, individual taxpayer identification numbers, passport numbers, credit or debit card information, financial account information, username and password for one or more online accounts, and limited medical information (treatment, diagnosis, medical record numbers, patient account numbers, Medicare or Medicaid information and health insurance identification numbers).
Not all affected individuals had each of these data points impacted. Notifications were mailed to individuals on June 29.
You can read the remainder of their notification on The Millennia Companies web site.
DataBreaches.net emailed the firm to ask when they first discovered that employee email accounts had been compromised and how they first discovered it, because it seems that personal information has been in some threat actor’s hands since 2019. So when did they discover this and how? DataBreaches.net has received no reply as of the time of publication.