The Huntington's Disease Society of America (HDSA) recently began notifying some of its employees, donors, board members and vendors that their personal information may have been exposed when an HDSA financial executive's webmail account was hacked on or about May 3, 2013 (h/t DataBreaches.net).
According to a statement [PDF] provided to New Hampshire Attorney General Michael A. Delaney by the law firm Nelson Levine de Luca & Hamilton on HDSA's behalf, the webmail account was accessed with the aim of transferring funds from HDSA's bank account to another bank account.
The financial executive's e-mails contained HDSA employees' names, addresses and Social Security numbers, as well as other information for HDSA donors, board members and vendors.
It's not clear from the statement why such information was being sent via e-mail, or whether doing so was in violation of any of HDSA's policies.
HDSA is offering one free year of Experian ProtectMyID identity monitoring and identity recovery services to all those affected.