The Vermont Office of the Attorney General disclosed that Acorn Financial Services suffered a data breach on August 22, 2022, stemming from unauthorized access to an employee’s email account. While the exact scope of accessed data remains unverified, the incident potentially exposed highly sensitive personal and financial information, including names, addresses, dates of birth, driver’s license numbers, financial account details, and Social Security numbers. The breach posed significant risks of identity theft, financial fraud, and long-term reputational harm to affected individuals. In response, Acorn initiated an internal investigation, bolstered cybersecurity protocols, and provided one year of complimentary identity monitoring services to mitigate potential damages. The incident underscores vulnerabilities in email security and the critical need for robust access controls to prevent exploitation of employee credentials by malicious actors.
Source: https://ago.vermont.gov/document/2023-01-31-acorn-financial-services-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/acorn-finacial-services
"id": "aco559082025",
"linkid": "acorn-finacial-services",
"type": "Breach",
"date": "8/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial',
'location': 'Vermont, USA',
'name': 'Acorn Financial Services',
'type': 'Financial Services'}],
'attack_vector': 'Unauthorized Access (Employee Email Account)',
'customer_advisories': ['Offered 1 year of identity monitoring'],
'data_breach': {'data_exfiltration': 'Potential (not confirmed)',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
"Driver's License "
'Numbers',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2022-08-22',
'description': 'The Vermont Office of the Attorney General reported that '
'Acorn Financial Services experienced a data breach on August '
"22, 2022, involving unauthorized access to an employee's "
'email account. While specific information was not known to be '
'accessed, the breach may have involved names, addresses, '
"dates of birth, driver's license numbers, financial account "
'numbers, and Social Security numbers. Acorn activated an '
'investigation and enhanced security measures, offering one '
'year of identity monitoring to affected individuals.',
'impact': {'brand_reputation_impact': 'Potential (due to sensitive data '
'exposure)',
'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
"Driver's License Numbers",
'Financial Account Numbers',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (financial account numbers '
'exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'investigation_status': 'Ongoing (as of report)',
'post_incident_analysis': {'corrective_actions': ['Enhanced Security '
'Measures']},
'references': [{'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to Vermont '
'Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Offered 1 year of identity '
'monitoring to affected individuals'],
'enhanced_monitoring': True,
'incident_response_plan_activated': True,
'remediation_measures': ['Enhanced Security Measures']},
'title': 'Acorn Financial Services Data Breach (2022)',
'type': 'Data Breach'}