• by Wendy Davis  @wendyndavis, January 31, 2019

The Association of National Advertisers suffered a phishing attack last year that may have resulted in the theft of employee data, including names and social security numbers, MediaPost has learned.

The ANA said in a January 24 letter to former employees that it learned last October of a “possible data security incident.”

“A forensic investigation revealed that an unauthorized user had gained access to the business email account of an ANA employee through what is known as a 'phishing' attack,” ANA President and Chief Operating Officer Christine Manna wrote. “The intruder accessed the employee's account from August 10, 2018 to October 29, 2018 and had the ability to download the contents of the employee's business mailbox during that time.”

Manna added that the ANA arranged for free identity monitoring services through Kroll to affected individuals.

The ANA confirmed in a statement to MediaPost that an “unauthorized individual gained electronic access to the ANA email account” of an employee.

“Immediately after the ANA became aware of the situation, it took steps to contain the incident,” the organization stated. “The ANA immediately reported the incident to law enforcement, and commenced an internal investigation, utilizing a third-party forensic investigator.”

The organization added that it has provided credit monitoring and fraud protection services to people affected by the incident, and “has taken measures to prevent a similar incident from occurring in the future.”