Major USAID contractor Chemonics says 263,000 affected by 2023 data breach
2024-12-6 04:1:13 Author: therecord.media(查看原文) 阅读量:5 收藏

A large contractor for the U.S. government said a 2023 cyberattack exposed the critical personal information of more than 263,000 people.

Chemonics, an international development firm with $1.4 billion in U.S. government contracts, announced the incident this week — notifying regulators in several states and posting a notice on its website. 

The company said it discovered suspicious activity on December 15 and launched an investigation that revealed hackers had been in its systems since May 30, 2023 and continued to have access until January 9, 2024.

Chemonics declined to comment about why the company waited more than a year to notify victims but said the investigation “took time to complete.”

“Due to the sensitive nature of this issue, we’re not able to share a detailed response to your question,” a spokesperson said. “We continue to closely monitor our systems for any unusual activity.  There is no ongoing unauthorized access, and the incident has been contained and remediated.”

The information stolen includes Social Security numbers, state ID information, passports, U.S. military ID information, health information, biometric data and even signatures. 

The company said it is providing credit monitoring services but noted that access will be “based on the personal information that was potentially impacted.”

Filings with regulators in Maine said 263,136 people were impacted. 

Founded in 1975, Chemonics works in more than 70 countries around the world with about 4,000 experts providing capacity building services focused on food security, healthcare, democracy and governance, trade, education and more. 

It has received billions through contracts with the Agency for International Development (USAID) over the last decade.

At least one law firm said on Thursday that it is investigating a class action lawsuit related to the data breach. 

Chemonics is the latest major U.S. government contractor impacted by a cybersecurity incident. Another major contractor for the U.S. government, ENGlobal Corporation, warned regulators earlier this week that a ransomware attack was limiting its operations. 

In June, two federal contractors paid a total of $11.3 million in civil penalties to the U.S. government after admitting they failed to properly test the cybersecurity of a system for providing financial assistance to low-income people in New York during the COVID-19 pandemic.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


文章来源: https://therecord.media/chemonics-data-breach-usaid-contractor
如有侵权请联系:admin#unsafe.sh