Data Breaches

Personal Information Stolen in City of Philadelphia Email Hack

The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment.

The City of Philadelphia says personal, health, and financial information was stolen in a cyberattack on its email environment.

The City of Philadelphia has revealed that the information of certain individuals was stolen in a cyberattack earlier this year.

The malicious activity, the city says in an incident notification (PDF) on its website, was initially identified on May 24, and involved its email environment.

According to the city, the investigation into the matter has revealed that an unauthorized party had access to certain city email accounts between May 26 and July 28, and that the information within those accounts was also accessed.

“Also, on August 22, 2023, we became aware that the at-issue email accounts include email accounts that may contain protected health information,” the City of Philadelphia said.

The investigation into the incident is ongoing and the city is reviewing the potentially impacted information manually, to determine the extent of the incident.

To date, the investigation has revealed that personal information (including names, addresses, dates of birth, Social Security numbers), health information (diagnosis and other treatment related information), and financial information might have been compromised in the attack.

Advertisement. Scroll to continue reading.

“The types of information impacted vary by individual,” the incident notification reads.

The city says it has notified the US Department of Health and Human Services of the attack, and that it has also taken steps to improve the security of its network and email systems.

The City of Philadelphia has yet to share details on the number of impacted individuals and whether other types of data were also exposed in the incident.

Related: Salesforce Email Service Zero-Day Exploited in Phishing Campaign

Related: Russian APT Group Caught Hacking Roundcube Email Servers

Related: Email Hack Hits 15,000 Business Customers of Australian Telecoms Firm TPG

Related Content

Data Breaches

Hackers accessed the insurance giant’s policyholder portal multiple times between June 15 and June 25.

Data Breaches

Only a handful of the 100 organizations targeted in the PeopleSoft campaign have been confirmed.

Data Breaches

The ShinyHunters extortion group claims to have stolen 3.1 TB of data from the organization.

Data Breaches

Roughly two dozen companies have notified their customers of the Klue-Salesforce incident impact.

Data Breaches

Over a dozen Klue customers have confirmed that hackers stole data from their Salesforce instances.

Data Breaches

Hackers stole customers’ names, addresses, email addresses, phone numbers, and account information.

Data Breaches

Threat actors gained access to personal and protected health information that Xsolis received from its clients.

Data Breaches

HackerOne, Huntress, Jamf, OneTrust, Recorded Future, Snyk, and Tanium are among the affected Klue customers.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version