Password data phishing, hacker attack prevention vector concept. Fraud with login and password illustration

The Girl Scouts of Orange County has sent out letters warning almost three thousand members that their personal information may have been compromised in a breach.

The letter, which was also filed with the State of California, explained that the organization “became aware that an unauthorized third party illegally gained access” to their email account, but “did not appear to gain access to any other GSOC email accounts[.]”

The email account in question was used to communicate about travel, and had information on members going back as far as 2014, potentially including full names, birthdates, email addresses, home addresses, driver’s licenses, health history information, and insurance policy numbers. GSOC announced that it was “implementing additional cybersecurity measures,” but was not offering paid identity theft or credit protection, instead suggesting members use free tools such as Credit Karma.

Schools and organizations like the Girl Scouts often require fairly extensive information on their members and chaperones for events and field trips. While this is primarily done for the safety of children, leaving it largely unprotected in easily compromised email accounts might have the reverse effect.