An Update on a Recent Security Incident and Our Commitment to Your Trust

At TechChange, the trust of our community is the foundation of everything we do. It is in that spirit of transparency that we are sharing details about a recent security incident.

On July 21, 2025, we discovered that a single TechChange employee’s email account had been compromised by a malicious actor. We took immediate action to secure the account and launch a full investigation to understand the nature and scope of the incident.

What Happened?

Our investigation found that an attacker gained unauthorized access to the account on July 14 using a compromised password and successfully completed two-factor authentication. On July 21, the attacker used this access to take two malicious actions:

1. They exported the employee’s contact list, which contained the names and email addresses of our partners, clients, and community members.
2. They sent a malicious phishing email with the subject line “#Katie Penland Request For Proposal (RFP)#” to the contacts on that list.

Our Immediate Response

Within minutes of discovering the activity, our team permanently locked the attacker out of the account, secured it against further access, and began a thorough investigation. We have confirmed that the unauthorized access was limited to this single email account and did not affect any other TechChange systems.

What This Means For You

• If you received an email from katie.penland@techchange.org on or around July 21, 2025, with the subject “#Katie Penland Request For Proposal (RFP)#”, please do not click on any links, open attachments, or reply to the message. It was not a legitimate communication from TechChange. Please delete it immediately.
• The data that was accessed was limited to contact information (names and email addresses). Our investigation has confirmed that no other sensitive information, such as financial data or passwords, was accessed or compromised.

How to Protect Yourself from Phishing Attacks

This incident is a reminder that phishing attacks are becoming increasingly sophisticated. 

Here are a few key things to look for to help you spot a malicious email:

• Check the Sender’s Address: Look for slight misspellings or unusual domains in the sender’s email address.
• Look for a Sense of Urgency: Attackers often try to create panic, demanding you take immediate action to avoid a negative consequence, like your account being closed.
• Beware of Generic Greetings: Phishing emails often use generic greetings like “Dear Customer” instead of your name.
• Hover Before You Click: Before clicking on any link, hover your mouse over it to see the actual destination URL. If the destination looks suspicious or doesn’t match the link’s text, don’t click it.
• Don’t Open Unexpected Attachments: Be wary of any unsolicited attachments, especially from people you don’t know or that seem out of character for the sender.

Our Commitment to Security

The security of our community is our highest priority. To prevent incidents like this from happening again, we are taking the following steps:

• We are accelerating the deployment of enhanced, phishing-resistant multi-factor authentication (MFA) across our organization, including the use of physical security keys.
• We are conducting a full review of our security protocols and providing updated security awareness training for all of our staff.
• We are notifying individuals directly and have reported this incident to the relevant authorities.

We are deeply sorry for this incident and any concern it may have caused. The trust you place in us is something we work to earn every day, and we are committed to learning from this incident and strengthening our defenses to protect our community.

If you have any further questions, please do not hesitate to contact us at 

security [at] techchange.org.