Chemonics International says hackers compromised over 260,000 customer accounts

Washington, D.C.-based international development company Chemonics International said the sensitive personal information of more than 260,000 individuals was compromised during the data security incident it suffered last year.

 

In a data security incident notice published on its website, Chemonics International said that on December 15, 2023, it identified suspicious activity involving multiple user accounts. 

 

The company immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident and took remedial steps including conducting password resets and disabling the impacted accounts.

 

“The in-depth cyber forensic investigation identified evidence indicating the unauthorised access occurred beginning on May 30, 2023, and continued through the last date of detection on January 9, 2024. Through the investigation, it was also determined that data was subject to unauthorised access and acquisition,” the company said.

 

The compromised data included names, addresses, email addresses, dates of birth, social security numbers, driver’s license or state ID information, passport information, US military ID information, tribal ID information, financial information, health and related information, usernames and passwords, biometric information, gender/sexual orientation information, and signatures.

 

In a filing with the Office of Maine Attorney General, Chemonics said that it has identified at least 263,136 individuals who were impacted by the incident.

 

The company added that apart from taking the impacted accounts offline, it took steps to “bolster overall security including strengthening multi-factor authentication processes, enhancing email security, deploying additional endpoint monitoring and detection tools, and blocking suspicious Internet traffic.”

 

Chemonics has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and state attorney general.

 

The organisation has also offered two years of complimentary identity protection and credit monitoring services through Equifax Credit Watch Gold to all affected individuals.