Radio Free Asia, a U.S. government-sponsored news outlet, announced a breach this week that affected almost 4,000 people – leaking troves of personal information including Social Security and passport numbers, as well as financial data.
According to documents filed with Maine’s attorney general, the hack occurred on June 17 and was discovered by RFA on June 28. At least 3,779 were affected by the hack, which included the theft of addresses, driver’s license numbers, health insurance information, medical information, and “limited financial information.”
“On June 28, 2022, we became aware of the Incident within our email system which indicated unauthorized access to a limited number of servers. Out of an abundance of caution and immediately following detection, RFA took systems offline and took measures to address and contain the Incident including launching an investigation, engaging data privacy and security professionals, working with law enforcement, changing passwords, and migrating to a new cloud-based email environment,” the organization said in a letter to victims.
“The investigation determined that unauthorized access resulted from an exploit of a service provider’s vulnerability, unknown by RFA at the time of the compromise. At this time, there is no evidence Information has been misused; nevertheless, we are providing this notice.”
Victims are being offered two years of credit monitoring through Equifax. RFA did not respond to requests for comment but spokesperson Rohit Mahajan told The Washington Post on Tuesday that they were never contacted by the hackers.
Mahajan added that RFA notified law enforcement, the U.S. Congress, the Cybersecurity and Infrastructure Security Agency and the United States Agency for Global Media, which funds the organization through an annual grant.
RFA provides news on several Asian countries including China, Myanmar, Cambodia, Laos, North Korea, Vietnam and more.