Chemonics International is notifying over 260,000 individuals that their personal information was compromised in a year-old data breach.
Chemonics is an international development company based in Washington, D.C. The organization has projects in dozens of countries around the world, in areas such as economic growth, agriculture and food security, conflict and crisis, democracy and governance, education, natural resources and environment, social inclusion, health, supply chains, water, and energy.
The incident was discovered on December 15, 2023, but the attackers lingered in its environment between May 2023 and January 2024, Chemonics says.
“On December 15, 2023, Chemonics became aware of suspicious activity related to certain user accounts. Upon discovery, we enacted our response protocols, including conducting password resets and disabling impacted accounts,” the company announced this week.
Chemonics’ investigation revealed that the attackers had access to certain personal information, including names, addresses, email addresses, dates of birth, driver’s license and other ID information, and Social Security numbers.
Financial and health information, account credentials, biometric data, and signatures were also compromised during the incident, the company says, adding that it is not aware of the misuse of this information.
Chemonics says it has strengthened email security and multi-factor authentication, deployed additional endpoint security solutions, and started blocking suspicious traffic to improve its overall security stance.
This week, Chemonics informed the Maine Attorney General’s Office that 263,136 people were affected. The company is providing them with 24 months of free identity protection and credit monitoring services.
Related: Ford Blames Third-Party Supplier for Data Breach
Related: Hacker Claims Major Chinese Citizens’ Data Theft
Related: Data of 7 Million OpenSubtitles Users Leaked After Hack Despite Site Paying Ransom
