The American College of Emergency Physicians (ACEP) experienced a data breach reported by the Maine Attorney General's Office on November 16, 2020. The incident was detected on September 7, 2020, involving unauthorized access to payment card systems. The breach exposed sensitive financial data of 16 Maine residents, including names, addresses, payment card account numbers, expiration dates, card security codes, and ZIP codes all linked to transactions made between May 21, 2020, and September 22, 2020. The compromised information poses a high risk of fraudulent transactions, identity theft, and financial exploitation for the affected individuals. While the breach was limited to a subset of purchases, the exposure of full payment card details (including security codes) significantly elevates the potential for misuse. ACEP likely faced reputational damage, regulatory scrutiny, and potential legal liabilities due to the failure to protect customer financial data. The incident underscores vulnerabilities in payment processing systems, particularly in organizations handling healthcare-related transactions.
TPRM report: https://www.rankiteo.com/company/american-college-of-emergency-physicians
"id": "ame020091825",
"linkid": "american-college-of-emergency-physicians",
"type": "Breach",
"date": "5/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '16 (Maine residents)',
'industry': 'Healthcare / Medical Education',
'location': 'United States',
'name': 'American College of Emergency Physicians '
'(ACEP)',
'type': 'Non-profit Professional Organization'}],
'data_breach': {'data_exfiltration': 'Yes (unauthorized access confirmed)',
'number_of_records_exposed': '16 (Maine residents only; total '
'scope unspecified)',
'personally_identifiable_information': 'Yes (names, '
'addresses, zip codes)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Information '
'(PCI)']},
'date_detected': '2020-09-07',
'date_publicly_disclosed': '2020-11-16',
'description': "The Maine Attorney General's Office reported a data breach "
'involving the American College of Emergency Physicians (ACEP) '
'on November 16, 2020. The breach was discovered on September '
'7, 2020, and involved unauthorized access to payment card '
'information for a subset of purchases made between May 21, '
'2020, and September 22, 2020, affecting sixteen (16) Maine '
'residents. The compromised information included names, '
'addresses, payment card account numbers, expiration dates, '
'card security codes, and zip codes.',
'impact': {'data_compromised': ['names',
'addresses',
'payment card account numbers',
'expiration dates',
'card security codes',
'zip codes'],
'identity_theft_risk': 'High (payment card details exposed)',
'payment_information_risk': 'High (full card details exposed)'},
'references': [{'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's Office"},
'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
"General's Office"},
'title': 'American College of Emergency Physicians (ACEP) Data Breach (2020)',
'type': 'Data Breach'}