Thousands of members of the Girl Scouts in California may have had their personal information stolen after one of its official email accounts was accessed by an unauthorized third party last month.
Reports suggest that as many as 2800 girl scouts in Orange County may have been affected in an incident which lasted just a day.
Affected information could include names, email and home addresses, driver’s license details, insurance policy numbers and health history information.
Those hit by the breach were contacted last week.
They were told that the attack began on September 30 when an unauthorized third party gained access to an official Girl Scouts Orange County Travel email account, which was used to “send emails to others” — presumably phishing emails.
“Some of the emails stored in this account, which included emails with dates as far back as 2014 through October 1, 2018, contained information about our members,” the note explained. “Out of an abundance of caution, we are notifying everyone whose information was in this email account.”
The anonymous third party had access to the account for only one day from September 30 to October 1 this year.
Identity data belonging to children is particularly attractive to hackers as it can often be monetized more easily before the alarm is raised.
That’s because there are often limited financial records associated with the identities of minors, making it easier to open new fake accounts in their name.
In 2017, over a million US children were affected by identity fraud, resulting in losses of $2.6 billion and families forced to pay $540 million, according to research from Javelin Strategy & Research earlier this year.
The report claimed that 60% of child identity fraud victims know the fraudster, versus just 7% of adult victims.