American Coffee Corporation

The Maine Office of the Attorney General disclosed a data breach affecting American Coffee Corporation in January 2021. The incident stemmed from unauthorized access to employee email accounts between July 22, 2020, and August 18, 2020, compromising sensitive personal data. A total of 72 individuals were impacted, including two Maine residents. The exposed information included names and Social Security Numbers (SSNs), which are highly sensitive identifiers that could facilitate identity theft or financial fraud. The breach was attributed to a security lapse in email account protections, allowing attackers to exfiltrate employee-related data. While the exact method of intrusion (e.g., phishing, credential stuffing) was not specified, the focus on employee accounts suggests a targeted effort to exploit internal vulnerabilities. The compromised SSNs pose long-term risks, as they cannot be easily replaced and may be used for fraudulent activities such as loan applications, tax filings, or medical identity theft. The company was required to notify affected individuals and likely implemented remediation measures, though the public report did not detail specific corrective actions or whether regulatory penalties were imposed.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/0479cd0e-d584-450f-88a9-9eea74db8e37.shtml

TPRM report: https://www.rankiteo.com/company/american-food-&-vending

"id": "ame1031090725",
"linkid": "american-food-&-vending",
"type": "Breach",
"date": "7/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'customers_affected': 'No (Employees affected: 72 '
                                              'individuals)',
                        'industry': 'Food & Beverage (Coffee)',
                        'name': 'American Coffee Corporation',
                        'type': 'Private Company'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access to emails)',
                 'number_of_records_exposed': 72,
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (SSNs included)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2021-01-06',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving American Coffee Corporation on January 6, '
                '2021. The breach involved unauthorized access to employee '
                'email accounts between July 22, 2020, and August 18, 2020, '
                'affecting 72 individuals, including two Maine residents. '
                'Compromised data included names and Social Security Numbers.',
 'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (SSNs exposed)',
            'systems_affected': ['Employee Email Accounts']},
 'references': [{'date_accessed': '2021-01-06',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
                                        'General'},
 'title': 'American Coffee Corporation Data Breach (2020)',
 'type': 'Data Breach'}