In a statement released this week, Habitat for Humanity Colorado (HFHC) said that it has spent months dealing with a “significant and malicious data breach” that “has severely handicapped our ability to efficiently conduct business.”
Habitat for Humanity, of course, is the non-profit charity group started in 1976 that builds affordable housing for low income families in the U.S. and elsewhere. According to a FAQ ([spam URL stripped]), the incident in question began with a ransomware malware infection in “late June” that targeted a server in HFHC’s main office in Lakewood Colorado. That server, HFHC said, was “connected to the Internet” and thus a target of attack by cyber-criminal groups operating from outside the U.S.
The incident continued for months “hijacking” the attention of the group. Because it works directly with would-be homeowners, HFHC stored a wealth of data including a customer’s names, Social Security Numbers, driver’s license numbers and so on. Information on HFHC employees was also stored on the server. In all, only around 250 individuals were affected – small potatoes, especially with news of the massive breach at Yahoo Inc. that affected some 500 million accounts.
“While there is no evidence that any of your personal information was taken; we only know that hackers may have viewed it,” HFHC said. The group is working with the FBI and has offered credit and identity theft monitoring for affected customers.
Link to Original Source