On November 11, 2021, the Washington State Office of the Attorney General disclosed that Opportunity Council suffered a cybersecurity incident involving unauthorized access to employee email accounts between February 18, 2021, and June 29, 2021. The breach exposed sensitive personal and financial data of 664 Washington residents, including names, Social Security numbers, driver’s license numbers, health information, and financial account details. The incident stemmed from a phishing or credential-compromise attack, allowing threat actors to infiltrate internal systems and exfiltrate confidential records. While the exact method of exploitation (e.g., malware, social engineering) was not specified, the prolonged access period (over four months) suggests a sophisticated and persistent intrusion. The compromised data particularly health and financial records poses significant risks of identity theft, fraud, and long-term reputational harm to affected individuals. The organization likely faced regulatory scrutiny under state data protection laws, requiring breach notifications, credit monitoring for victims, and potential fines. The attack underscores vulnerabilities in email security protocols and the critical need for multi-factor authentication (MFA), endpoint detection, and employee cybersecurity training to prevent similar incidents.
TPRM report: https://www.rankiteo.com/company/oppco
"id": "opp623090125",
"linkid": "oppco",
"type": "Breach",
"date": "2/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 664,
'industry': 'Social Services / Community Development',
'location': 'Washington, USA',
'name': 'Opportunity Council',
'type': 'Non-profit Organization'}],
'data_breach': {'number_of_records_exposed': 664,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Information']},
'date_detected': '2021-11-11',
'date_publicly_disclosed': '2021-11-11',
'description': 'On November 11, 2021, the Washington State Office of the '
'Attorney General reported that Opportunity Council '
'experienced unauthorized access to email accounts between '
'February 18, 2021, and June 29, 2021. A total of 664 '
'Washington residents were affected, with potential exposure '
'of names, Social Security numbers, driver’s license numbers, '
'health information, and financial account information.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'driver’s license numbers',
'health information',
'financial account information'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (financial account information '
'exposed)',
'systems_affected': ['email accounts']},
'references': [{'date_accessed': '2021-11-11',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Unauthorized Access to Opportunity Council Email Accounts',
'type': 'Unauthorized Access / Data Breach'}