Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Personal Information Stolen in City of Philadelphia Email Hack

The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment.

The City of Philadelphia has revealed that the information of certain individuals was stolen in a cyberattack earlier this year.

The malicious activity, the city says in an incident notification (PDF) on its website, was initially identified on May 24, and involved its email environment.

According to the city, the investigation into the matter has revealed that an unauthorized party had access to certain city email accounts between May 26 and July 28, and that the information within those accounts was also accessed.

“Also, on August 22, 2023, we became aware that the at-issue email accounts include email accounts that may contain protected health information,” the City of Philadelphia said.

The investigation into the incident is ongoing and the city is reviewing the potentially impacted information manually, to determine the extent of the incident.

To date, the investigation has revealed that personal information (including names, addresses, dates of birth, Social Security numbers), health information (diagnosis and other treatment related information), and financial information might have been compromised in the attack.

Advertisement. Scroll to continue reading.

“The types of information impacted vary by individual,” the incident notification reads.

The city says it has notified the US Department of Health and Human Services of the attack, and that it has also taken steps to improve the security of its network and email systems.

The City of Philadelphia has yet to share details on the number of impacted individuals and whether other types of data were also exposed in the incident.

Related: Salesforce Email Service Zero-Day Exploited in Phishing Campaign

Related: Russian APT Group Caught Hacking Roundcube Email Servers

Related: Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

More People On The Move

Expert Insights

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.