AgeSpan, Inc.

The Maine Office of the Attorney General disclosed a data breach at AgeSpan, Inc. on December 2, 2024, stemming from unauthorized access to an employee’s email account between June 25–26, 2024. The incident compromised the personal information of 207 individuals, though the exact type of exposed data (e.g., financial, health, or PII) was not specified in the report. In response, AgeSpan offered affected individuals a complimentary one-year membership to Experian IdentityWorks Credit 3B, a credit monitoring and identity theft protection service, likely as a mitigative measure against potential fraud or misuse of the exposed data. The breach highlights vulnerabilities in email security protocols, particularly concerning employee accounts with access to sensitive information. While the scale of the breach is relatively small, the exposure of personal data—even without confirmed malicious use—posses risks of identity theft, phishing, or reputational harm to both the company and the impacted individuals.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/109280fd-e2b0-49d6-ade9-6e5d1cf8d764.html

TPRM report: https://www.rankiteo.com/company/agespan

"id": "age036091825",
"linkid": "agespan",
"type": "Breach",
"date": "6/2024",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 207,
                        'industry': 'Healthcare / Aging Services',
                        'location': 'Maine, USA',
                        'name': 'AgeSpan, Inc.',
                        'type': 'Non-Profit Organization'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'customer_advisories': ['Complimentary one-year membership of Experian '
                         'IdentityWorks Credit 3B offered to affected '
                         'individuals'],
 'data_breach': {'number_of_records_exposed': 207,
                 'personally_identifiable_information': True},
 'date_publicly_disclosed': '2024-12-02',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving AgeSpan, Inc. due to unauthorized access to '
                "an employee's email account, affecting 207 individuals. "
                'AgeSpan is offering a complimentary one-year membership of '
                'Experian IdentityWorks Credit 3B as a response.',
 'impact': {'data_compromised': True,
            'identity_theft_risk': True,
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'date_accessed': '2024-12-02',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'recovery_measures': ['Complimentary one-year membership of '
                                    'Experian IdentityWorks Credit 3B for '
                                    'affected individuals'],
              'third_party_assistance': ['Experian (IdentityWorks Credit 3B)']},
 'title': 'AgeSpan, Inc. Data Breach via Unauthorized Email Access',
 'type': 'Data Breach'}

AgeSpan, Inc.

Civil Service Pension Scheme: Gov't Reports Capita Over Pension Data Breach

Gastrodat and Chekin: Millions of hotel goers may have been exposed after hackers steal data and leak it on Telegram

Inditex and Zara: Zara Owner Inditex Data Breach Sparks Global Alert, No Customer Data Leaked