SC Media reports that Chemonics International, a major contractor for the U.S. Agency for International Development (USAID) has provided notice of a months-long breach that began in May 2023. The unauthorized intrusion and data access reportedly affected 263,136 people. The intrusion was first detected on December 15, 2023, but the intrusion was not successfully terminated until January 9, 2024.
The breach exposed personal information of victims including names, addresses, email addresses, dates of birth, Social Security numbers, driver’s license and state ID information, passport information, U.S. military ID information, tribal ID information, financial information, health and related information, usernames and passwords, biometric information, gender and sexual orientation information.
SC Media reports that it reached out to Chemonics to ask how attackers had access to its systems for more than six months without detection and why unauthorized access continued for another 25 days after they discovered a breach, but they did not receive any response from the firm.
No ransomware group has claimed responsibility for any attack on this firm and as of publication, no data from it has shown up on any of the usual leak sites or markets.
Read more at SC Media.