Association of National Advertisers suffers a Phishing Attack and possible theft of employee data

Anybody using the Internet should know about "phishing" scams, as currently these phishing scams are on the upsurge and are showing no signs of reduction any time soon. MediaPost has learned that last year (i.e. in 2018), the ANA (Association of National Advertisers) has suffered from a phishing attack that may led to possible theft of the employee data, including the names as well as the social security numbers.

In the January 24 letter, the ANA said to the former employees that they came to know about a "possible data security incident" in October 2018. The ANA also wrote in the letter of January 24, 2019, that they do not know whether the information was used for any fraudulent purpose or not.

"We are writing to tell you about a data security incident that may have exposed some of your personal information. We take the protection and proper use of your information very seriously. For this reason, we are contacting you directly to explain the circumstances of the incident", said ANA in the January 24 letter.

Christine Manna, the Chief Operating Officer and President of ANA, wrote in the letter that "a forensic investigation revealed that an unauthorized user had gained access to the business email account of an ANA employee through what is known as a 'phishing' attack". In the January 24 letter, it was further written that the intruder have accessed the account of employees between August 10, 2018, and October 29, 2018. So, the intruder can download contents of employee's business mailbox in between those days (i.e. August 10, 2018, and October 29, 2018).

Manna added that ANA have arranged identity monitoring services for free through Kroll to the affected individuals.

In a statement, the ANA has confirmed to the MediaPost that one unauthorized individual got electronic access to an employee email account of ANA.

As soon as the ANA came to know about the situation (i.e. the phishing attack), they have taken steps for containing the incident. On an immediate basis, the ANA has reported this incident to the law enforcement and also commenced internal investigation by utilizing third-party forensic investigator.

The organization further added that they have provided fraud protection services as well as credit monitoring services to the people affected by this incident, and "has taken measures to prevent a similar incident from occurring in the future".

» SPAMfighter News - 2/13/2019