The US Fund for Unicef, a non-profit NGO headquartered in New York, has notified the Office of the New Hampshire Attorney General that it had suffered a breach in November 2013.
According to the letter, on December 2, 2013 they have discovered that unauthorised individuals have accessed one of its servers on or about November 4.
“Upon discovery, the US Fund immediately disabled the affected server and disconnected it from the US Fund network,” they say, adding that they have immediately launched an investigation into the matter, and have hired a independent third-party computer forensic firm to assist them in the investigation and help them determine the identities of individuals whose information may have been exposed.
They discovered that the attack was limited to one server, and that the names, phone numbers, credit card info (both security code and expiration date), and bank account info of three New Hampshire residents have been compromised.
The affected individuals have been appraised of the situation and have been provided with one free year of credit monitoring and identity restoration services with AllClear ID, as well as information on how to protect themselves against fraud and identity theft.
The organisation did not share the total number of individuals whose information has been compromised with the New Hampshire Attorney General, but judging by the contents of the notification they have attached to the letter, North Carolina and Maryland residents were also affected by the breach.
They also made sure to note that, so far, they have found no evidence of attempted or actual misuse of the compromised information.