Ahtna, an organization managing sensitive personal data, reported a data breach to the Attorney General of New Hampshire after detecting unauthorized access to its systems. The incident was first identified on July 28, 2025, but the breach occurred between April 20 and June 1, 2025, during which an unauthorized third party may have accessed and acquired sensitive personal identifiable information (PII). The compromised data includes names, Social Security numbers, and Individual Taxpayer Identification Numbers (ITINs). Following the discovery, Ahtna initiated an investigation to assess the scope of the breach and identify affected individuals. By November 21, 2025, the company began notifying impacted parties via mail, offering complimentary credit monitoring services as a remedial measure. The breach notice indicates that the exposure of such highly sensitive financial and identification data poses significant risks, including identity theft, financial fraud, and long-term reputational harm to both the company and the affected individuals. The incident underscores vulnerabilities in Ahtna’s data protection measures, raising concerns about the security of personally identifiable information under its custody. The delayed detection (nearly three months after the initial breach period) further exacerbates the potential consequences, as the exposed data could have been exploited during the interim.
Source: https://straussborrelli.com/2025/11/24/ahtna-data-breach-investigation/
Ahtna, Inc. cybersecurity rating report: https://www.rankiteo.com/company/ahtna-inc.
"id": "AHT3004930112525",
"linkid": "ahtna-inc.",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (notification letters '
'sent to impacted individuals)',
'name': 'Ahtna',
'type': 'Organization'}],
'customer_advisories': 'Breach notification letters sent to impacted '
'individuals (November 21, 2025)',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access and '
'acquisition confirmed)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Individual taxpayer '
'identification '
'number'],
'sensitivity_of_data': 'High (includes SSNs and taxpayer IDs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-07-28',
'date_publicly_disclosed': '2025-11-21',
'description': 'Ahtna reported a data breach to the Attorney General of New '
'Hampshire, where sensitive personally identifiable '
'information (PII) in its systems was potentially accessed and '
'acquired by an unauthorized third party between April 20 and '
'June 1, 2025. The breach was detected on July 28, 2025. '
'Affected individuals were notified on or about November 21, '
'2025, and offered complimentary credit monitoring services. '
'The compromised data includes names, Social Security numbers, '
'and individual taxpayer identification numbers.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive PII',
'data_compromised': ['Name',
'Social Security number',
'Individual taxpayer identification number'],
'identity_theft_risk': 'High (due to exposure of SSNs and taxpayer '
'IDs)'},
'investigation_status': 'Completed (as of November 2025, notifications sent)',
'references': [{'source': 'Attorney General of New Hampshire - Data Breach '
'Notice'}],
'regulatory_compliance': {'regulatory_notifications': 'Notified the Attorney '
'General of New '
'Hampshire'},
'response': {'communication_strategy': 'Breach notification letters mailed to '
'impacted individuals; disclosure to '
'the Attorney General of New Hampshire',
'incident_response_plan_activated': 'Yes (investigation launched '
'post-detection)',
'recovery_measures': 'Complimentary credit monitoring services '
'offered to affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'Ahtna Data Breach (2025)',
'type': 'Data Breach'}