AP Stylebook Data Breach Exposes Social Security Numbers And Other Details To Hackers

ap stylebooks data breach found through phishing campaign
This month, the Associated Press is warning that the personal information of AP Stylebook customers was compromised in a data security incident over the summer. What tipped the AP off was a series of phishing emails being sent to AP Stylebook customers asking them to provide updated credit card information.

The AP Stylebook is the “must-have reference for writers, editors, students and professionals,” and is now sold at apstylebook.com. However, it appears that a former Stylebooks website (stylebooks.com) that was still available, managed by a third party, and had access to customer information was the subject of the breach. This became evident after several customers from the compromised site were sent phishing emails “directing them to a fake website that imitated AP Stylebook to provide updated credit card information.”

text ap stylebooks data breach found through phishing campaign

The customers who received these emails were likely tied back to the old website and database by a forensic team employed by AP Stylebook. It was also discovered that the unauthorized party likely gained access to names, email addresses, street addresses, cities, states, zip codes, phone numbers, user IDs, and potentially Social Security Numbers or Taxpayer IDs, depending on what information was submitted for a Tax-Exempt ID. Thankfully, though, this security breach has only affected 224 people who were still in that online database.

Given the potential severity of the data breach, APS is forcing all its customers to change their passwords while also reviewing security protocols and enhancing internal programs. Further, the company is offering two years of credit monitoring and identity restoration services to the affected customers through Experian. Hopefully, this incident will remind companies to lock down or delete old data and customers to keep tabs on where their personal information goes. It only takes one small security incident on a website you might have forgotten about to ruin your day.