Skip to content ↓ | Skip to navigation ↓

A San Diego-based provider of affordable preschool disclosed that a data privacy incident might have affected some customers’ personal information.

In a notice of data breach published on February 5, Educational Enrichment Systems, Inc. (EES) announced that it had suffered a security incident involving an employee’s email account:

On August 30, 2019, EES became aware of unusual activity related to a certain EES employee email account. Upon discovery, EES immediately launched an investigation, with the support of forensic investigators, to determine the nature and scope of the activity. Through this investigation, EES determined that this employee’s email account was accessed without authorization between May 27, 2019 and July 15, 2019.

The investigation found no evidence of anyone having attempted to access or misuse customers’ sensitive information, EES noted. Even so, the preschool provider did find that emails and attachments in the affected employee’s account did contain sensitive data at the time of compromise. Those details might have included a customer’s name, physical address, Social Security Number, financial data and health insurance information.

EES explained in its notice that it responded by notifying customers whose sensitive information appeared in emails and attachments contained within the compromised account. The preschool provider also said that it had decided to offer complimentary access to financial monitoring and identity theft protection services at no cost to affected individuals.

Individuals who have heard from EES might want to consider taking some additional steps to protect themselves against identity thieves. This resource provides some important recommendations.

The incident described above highlights the need for all organizations to strengthen their digital security. One of the ways they can do this is by educating their employees to be on the lookout for a phishing campaign. Towards this end, they should consider educating their employees about some of the most common types of phishing attacks that are in circulation today.