The American Federation of Musicians and Employers' Pension Fund (AFMEPF) experienced a data breach between May 22, 2020, and August 18, 2020, which was reported on January 12, 2021. The incident stemmed from unauthorized access to an employee’s email account, compromising sensitive personal data. A total of 3,439 individuals were affected, including three Maine residents. The exposed information included names, addresses, and Social Security numbers, posing significant risks such as identity theft, financial fraud, and long-term reputational harm to the organization. The breach highlights vulnerabilities in email security protocols, particularly concerning phishing or credential compromise, which allowed attackers to infiltrate internal systems. While the breach did not involve ransomware or a large-scale operational disruption, the leak of personally identifiable information (PII) of employees and associated individuals underscores the severe implications for data privacy and regulatory compliance. The fund was required to notify affected parties and likely faced scrutiny over its cybersecurity measures and incident response procedures.
TPRM report: https://www.rankiteo.com/company/afmepf
"id": "afm1009091725",
"linkid": "afmepf",
"type": "Breach",
"date": "5/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '3,439 (including 3 Maine '
'residents)',
'industry': 'Labor Union / Financial Services',
'name': 'American Federation of Musicians and '
"Employers' Pension Fund (AFMEPF)",
'type': 'Pension Fund'},
{'industry': 'Legal / Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government Agency'}],
'attack_vector': 'Compromised Employee Email Account',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to email)',
'number_of_records_exposed': '3,439',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2021-01-12',
'description': 'Unauthorized access to an employee email account at the '
"American Federation of Musicians and Employers' Pension Fund "
'(AFMEPF) resulted in a data breach affecting 3,439 '
'individuals, including 3 Maine residents. Compromised data '
'includes names, addresses, and Social Security numbers.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security Numbers'],
'identity_theft_risk': 'High (SSNs compromised)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': "Public disclosure via Maine AG's "
'office'},
'title': "Data Breach at American Federation of Musicians and Employers' "
'Pension Fund (AFMEPF)',
'type': 'Data Breach'}