The Institute of Electrical and Electronics Engineers has notified more than 800 of its members that their credit card and personal information may have been stolen in a November security breach.
In a letter written Feb. 24 to the New Hampshire attorney general, the IEEE legal team said that on or about Nov. 17, “an unauthorized person may have obtained access to credit card numbers and the associated names, expiration dates and security numbers for approximately 828 cardholders,” Kaspersky Lab reported.
The IEEE said it discovered the breach in December, reported the incident to the FBI and employed a team of forensic investigators, who found and fixed the security vulnerabilities that allowed the attackers to gain entry into its computer network.
The November hack was described as a “sophisticated network intrusion.” It’s a description that in cybersecurity circles often points to government-organized attacks, especially originating in China.
Kaspersky Lab analysts are still unclear whether the IEEE breach was “an opportunistic attack aimed at stealing just credit card information,” or whether it targeted data on specific IEEE members, “many of whom work within organizations and industries that are known to be of interest to foreign governments.”
With more than 400,000 members in more than 160 countries, the IEEE calls itself “the world’s largest professional association dedicated to advancing technological innovation and excellence for the benefit of humanity.”