The Association of
National Advertisers suffered a phishing attack last year that may have resulted in the theft of employee data, including names and social security numbers, MediaPost has learned.
The ANA said
in a January 24 letter to former employees that it learned last October of a “possible data security incident.”
“A forensic investigation revealed that an unauthorized user
had gained access to the business email account of an ANA employee through what is known as a 'phishing' attack,” ANA President and Chief Operating Officer Christine Manna wrote. “The
intruder accessed the employee's account from August 10, 2018 to October 29, 2018 and had the ability to download the contents of the employee's business mailbox during that time.”
Manna
added that the ANA arranged for free identity monitoring services through Kroll to affected individuals.
The ANA confirmed in a statement to MediaPost that an “unauthorized individual
gained electronic access to the ANA email account” of an employee.
“Immediately after the ANA became aware of the situation, it took steps to contain the incident,” the
organization stated. “The ANA immediately reported the incident to law enforcement, and commenced an internal investigation, utilizing a third-party forensic investigator.”
The
organization added that it has provided credit monitoring and fraud protection services to people affected by the incident, and “has taken measures to prevent a similar incident from occurring
in the future.”
