AmeriFirst Financial, Inc.

The California Office of the Attorney General disclosed a data breach affecting AmeriFirst Financial, Inc. in June 2021. The incident, spanning from July 13, 2020, to December 14, 2020, involved unauthorized access to the company’s Microsoft Office 365 email accounts. The breach exposed sensitive personal information, including names, Social Security numbers (SSNs), and bank account numbers of affected individuals. While the exact number of impacted parties was not specified, the exposure of such highly sensitive financial and identity-related data poses significant risks, including identity theft, financial fraud, and long-term reputational harm to the company. The breach was attributed to a cyber intrusion, though the specific attack vector (e.g., phishing, credential stuffing) was not detailed in the report. The prolonged duration of the breach (over five months) suggests potential delays in detection, exacerbating the severity of the incident.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-542030

TPRM report: https://www.rankiteo.com/company/amerifirst-financial-inc.

"id": "ame036091825",
"linkid": "amerifirst-financial-inc.",
"type": "Breach",
"date": "7/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Mortgage Lending',
                        'location': 'California, USA',
                        'name': 'AmeriFirst Financial, Inc.',
                        'type': 'Financial Services'}],
 'attack_vector': 'Unauthorized Access (Email Compromise)',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access to emails)',
                 'file_types_exposed': ['Emails', 'Attachments (potential)'],
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Financial Information']},
 'date_publicly_disclosed': '2021-06-18',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving AmeriFirst Financial, Inc. The breach '
                'occurred between July 13, 2020, and December 14, 2020, '
                'involving unauthorized access to Microsoft Office 365 email '
                'accounts, potentially exposing personal information such as '
                'names, Social Security numbers, and bank account numbers.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security Numbers',
                                 'Bank Account Numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'payment_information_risk': 'High (Bank Account Numbers exposed)',
            'systems_affected': ['Microsoft Office 365 Email Accounts']},
 'initial_access_broker': {'entry_point': 'Microsoft Office 365 Email '
                                          'Accounts'},
 'references': [{'date_accessed': '2021-06-18',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['California Consumer '
                                                    'Privacy Act (CCPA) - '
                                                    'Likely'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'AmeriFirst Financial, Inc. Data Breach (2020)',
 'type': 'Data Breach'}