MADISON, Wis. (WMTV)- An unauthorized party potentially gained access to personal information of 2,100 Wisconsinites a part of a state agency's single family mortgage program.
The Wisconsin Housing and Economic Development Authority's (WHEDA) announced the phishing attack on Friday. An unauthorized third party accesses up to three WHEDA email accounts. They then had access to a range of customer information, such as names, social security numbers, driver’s license number or state identification number, and bank account numbers.
WHEDA has reached out to all impacted customers with additional information
“This is the first time this has ever happened at WHEDA, and we take this very seriously," said WHEDA Executive Director Joaquín Altoro. "We already invest significantly in information technology security and staff training, and we will be doing more of it in the future. We regret that this happened and will work with those affected to reduce any chances for negative impacts.”
Altoro said the incident occurred on or around Aug. 22 and was discovered the following Monday. WHEDA’s IT personnel disabled access to the compromised email accounts. Law enforcement was also notified and brought in forensic IT experts to examine the situation.
Altoro said WHEDA will provide one year of identity theft protection and insurance as well as credit monitoring at no charge to impacted customers.He said that WHEDA also has established a toll-free telephone line through Experian for customers to call with questions – 1-833-704-9390.
"Security is a top priority for us at WHEDA, and we are committed to trying to make this a one-time only occurrence. All it takes is for one person to take the bait for a phishing attack to be successful and we are working to prevent these attacks from succeeding in the future,” added Altoro.
Altoro said WHEDA will continue to monitor the potentially impacted accounts and added that they will take steps to further increase security around its email system.