Capitol learned through a forensic investigation of a phishing email incident that certain emails and attachments had been accessed by an unauthorized person.
Capitol took immediate steps to secure the account, conduct an internal investigation, and enhance the security of its system.
Capitol also engaged a leading cyber security firm to perform an investigation.
The emails and attachments contained member information provided to Capitol in connection with their group health plans.
This information included names and some or all of the following: Social Security numbers, medical information, and/or health insurance numbers.
"id": "CAP11424722",
"linkid": "capitol-administrators-inc.",
"type": "Breach",
"date": "05/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"