Processing Your Payment

Please do not leave this page until complete. This can take a few moments.

Updated: February 18, 2020

SoPo nonprofit says data breach may have affected unknown number of clients

A South Portland nonprofit that provides services for people with intellectual disabilities said Monday there may have been a public breach in its confidential data. But two months after discovering the potential risk, the organization isn’t saying much else.

PSL Services, also known as Peregrine Corp., told Mainebiz that personal data including names and medical information may have been accessed illicitly. The company said multiple employee email accounts, potentially containing sensitive information, were accessed without authorization between Dec. 16 and Dec. 19, 2019.

PSL would not speculate who might have accessed them, but said in an email "it is likely that the cyber criminal was looking for our agency to send funds electronically, which we did not."

Despite repeated inquiries, PSL did not disclose the number of people who may have been affected or other details, pending further investigation.

“The contents of a small number of email accounts were exposed,” said Lori Sanville, executive director, on Monday night. “The number is unknown until the data mining is completed. We will then contact anyone affected.”

PSL learned of the potential data breach on Dec. 17, after noticing suspicious activity in an employee email account, according to a news release. PSL said it then notified its information services firm.

Among the information that may have been accessed inappropriately were names, addresses, dates of birth, Social Security numbers, driver's license numbers, medical information and identifying numbers for participation in Maine’s Medicaid health benefits program, MaineCare.

In addition to not saying how many people might be affected, PSL did not respond to questions about whether the individuals were clients, family members, employees or others.

The agency did not publicly reveal the potential breach until distributing the release on a website at 5 p.m. Friday — the eve of a long holiday weekend.

In the release, PSL said it had “notified the Office of Civil Rights at U.S. Department of Health and Human Services, the Maine Attorney General, and prominent news media outlets throughout the state of Maine." Under Maine law, data breaches involving more than 1,000 state residents must be publicly reported, and a media disclosure is one way to do that.

The company has also contracted with a cybersecurity vendor to determine what may have happened, and has stepped up information security measures since the incident, according to Sanville.

“We want our clients and the community to know that we take this matter very seriously and that we remain committed to assisting our clients first and foremost," she told Mainebiz.

PSL, founded in 1992, provides residential and community services, mental health care, case management and other support for adults and teens with intellectual, developmental and emotional disabilities. The nonprofit, which has offices at 39 Darling Ave. and 28 Foden Road in South Portland, is well-known for its STRIVE program, which provides recreation, social opportunities and peer support for nearly 1,000 clients.

In December, PSL and STRIVE launched an employment training program in cooperation with Southern Maine Community College.

Sign up for Enews

0 Comments

Order a PDF