DePaul announced Monday that the organization experienced a data breach on Feb. 1.
The breach was described as a phishing scam targeted to a single employee's email account. DePaul says that it’s reviewed more 41,000 emails and believe that a vast majority of the emails don't contain medical or psychiatric information. A small percentage did contain information like first and last names, dates of birth, or Social Security numbers.
Those directly affected were served by DePaul's behavioral health program and were notified about the breach by letter. The organization has also posted about the incident on its website, and it encourages anyone who may think they were part of the breach to call DePaul at 833-888-4248.
DePaul is offering a year of free credit monitoring services to the people who had their Social Security number exposed, provided sign-up is done within 90 days.
DePaul says, to date, there is no evidence the data in the emails was used, shared, or that any person has experienced identity theft. The organization has secured the breached email account, and has trained staff to identify these breaches to avoid future incidents.