Search This Blog

68K People Who Received Services from Advocates were Affected by Data Theft

The investigation found that a hacker gained access to the network between Sept. 14 and Sept. 18, 2021.


Approximately 68,000 Advocates clients are being alerted that their personal and protected health information was stolen during a four-day incident in September 2021. Advocates also notified certain employees whose data was stolen during the hacking incident. 

Advocates, Inc. ("Advocates") is a non-profit organization established in Massachusetts that provides a wide range of services to people facing life issues such as addiction, aging, autism, brain damage, intellectual disabilities, mental health, and behavioral health. 

On October 1, 2021, Advocates was notified that an unauthorized actor had copied data from its digital environment. When Advocates discovered this activity, they took action to secure their digital environment. They also hired a top cybersecurity firm to help with the investigation to discover whether personal information was accessed or acquired without authorisation as part of the attack. The research indicated that between September 14, 2021 and September 18, 2021, an unknown person got access and collected data from the Advocates network.

The incident may have involved the following personal and protected health information: name, address, Social Security number, date of birth, client identification number, health insurance information, and medical diagnosis or treatment information. 

Following the inquiry, Advocates began gathering contact information to notify possibly affected individuals. Advocates also alerted the Federal Bureau of Investigation and stated that they will provide whatever assistance is required to hold the criminals accountable, if at all feasible. Advocates take the security and privacy of service recipient information extremely seriously and have taken additional precautions to prevent a similar incident from happening in the future. 

Advocates is not aware of any proof of any information being misused in this incident. However, commencing on January 3, 2022, Advocates distributed notice of this incident to possibly affected persons. Advocates gave information about the incident as well as recommendations that potentially impacted individuals can do to protect their information in this notification letter. Individuals were also given free credit monitoring and identity protection services through IDX, according to Advocates. 

 To answer questions about the incident and address related concerns, Advocates set up a toll-free call centre. Advocates advise users to report their financial institution promptly if they see any suspicious behaviour on any of their accounts, such as unlawful transactions or new accounts opened in their name that they do not recognise. They should also report any fraudulent behaviour or suspected occurrences of identity theft to the appropriate law enforcement authorities as soon as possible.
Share it:

Cyber Security

Data Theft

Personal Information

Threat actor

User Security