BRUNSWICK COUNTY, NC (WWAY) — The company that administers the Flexible Spending Account plans for Brunswick County Schools had a data breach, which means hundreds of school employees may be affected.
Interactive Medical Systems Corporation is the third-party company that administers the employee benefit plan. The company noticed an IMS employee’s email account was the victim of a phishing attack on December 31.
The investigation confirmed that emails within the affected user’s email account between July 19 and December 31 were exposed to an unknown unauthorized third party as a result of the phishing attack.
658 employees with Brunswick County Schools have a Flexible Spending Account and could potentially be impacted.
IMS determined that the categories of personal information exposed varies for each affected individual and may have included: First and Last Name, Last Four Digits of Social Security Number, Transaction Date and Amount, Plan Sponsor/Employer Name, Address. Some individuals’ information may have also included: Social Security Number, Email Address, Mailing Address, Date of Birth, Plan Coverage Dates, and FSA Election.
If any Brunswick County School employees were impacted, they were sent letters telling them what they can do to protect themselves.
IMS said it tightening network and email security to prevent this from happening again in the future.