International development firm Chemonics, which mainly caters to the United States Agency of International Development, has not yet provided more extensive information regarding a cyberattack that compromised more than 6,000 individuals initially reported in July 2021, reports FedScoop.
Attackers infiltrated Chemonics email accounts from March 2 to July 13, 2021, to facilitate malicious activity, said Chemonics in separate filings with Maine and New Hampshire regulators that did not shed light on the impacted emails but emphasized the lack of any conclusive evidence suggesting any data exfiltration and misuse of personal information. However, both notifications were found to have discrepancies in the types of data that may have been compromised.
Moreover, both USAID and the Cybersecurity and Infrastructure Security Agency have referred inquiries regarding the incident to Chemonics but the company has neither detailed its actions to address the incident's effect on USAID nor confirmed notifying CISA about the hack.
