An employee at the Kentucky Department of Community Based Services (DCBC) fell for the oldest trick in the address book when he/she clicked on a phishing email and exposed the records of 2,500 of his/her fellow employees.
“In July, a Cabinet’s Department for Community Based Services (DCBS) employee responded to a phishing e-mail sent by a hacker. Unauthorized activity on the account was identified within a half hour, and officials say the account was then disabled.”
Although this data breach was fairly small, it does show us that you are only as smart as your employees, and your incident response plan. You can read all the details here.