Seven Counties Services reports data breach caused by phishing attack
Learn More
Seven Counties Services, reports a data breach following the discovery that staff email accounts were compromised in a phishing attack. Founded in 1978 and based in Louisville, Kentucky, Seven Counties Services provides mental and behavioral health services across several counties in Kentucky.
The breach occurred when an unauthorized party sent a phishing email that mimicked a trusted source, leading employees to respond and inadvertently granting access to sensitive data stored in their email accounts. This incident was first detected by Seven Counties Services' IT department on August 12, 2024.
As a result of the breach, sensitive consumer information was exposed, including:
- Names
- Dates of birth
- Social Security numbers
- Addresses
- Phone numbers
- Email addresses
- Diagnoses
- Dates of service
The number of affected individuals is not disclosed.
The company began notifying affected individuals on October 3, 2024, via formal data breach notification letters.
