On January 31, 2018, Ascensus, LLC experienced a data breach due to the inadvertent misdelivery of sensitive personal information belonging to participants in the Red Hawk Casino 401(K) Plan. The exposed data included names, addresses, birth dates, dates of hire, and Social Security numbers (SSNs) highly sensitive identifiers that could facilitate identity theft or financial fraud. The breach was reported to the California Office of the Attorney General on February 20, 2018. While the incident did not involve a malicious cyber attack or ransomware, the unauthorized disclosure of employee financial and personal records posed significant risks, including potential fraud, reputational damage to Ascensus, and regulatory scrutiny. The breach underscored vulnerabilities in data handling procedures, particularly in scenarios where third-party recipients were involved. Given the nature of the exposed data (SSNs and employment details), the incident had long-term implications for affected individuals, increasing their susceptibility to targeted scams or credit-related crimes.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-133904
TPRM report: https://www.rankiteo.com/company/ascensus
"id": "asc947091725",
"linkid": "ascensus",
"type": "Breach",
"date": "1/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Participants in the Red Hawk '
'Casino 401(K) Plan',
'industry': 'Financial Services',
'location': 'United States (California)',
'name': 'Ascensus, LLC',
'type': 'Financial Services (Retirement Plan '
'Administrator)'},
{'industry': 'Gaming & Hospitality',
'location': 'United States (California)',
'name': 'Red Hawk Casino',
'type': 'Casino / Employer'}],
'data_breach': {'data_exfiltration': 'Yes (inadvertent disclosure to '
'unauthorized party)',
'personally_identifiable_information': ['Names',
'Addresses',
'Birth Dates',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Employment Records']},
'date_detected': '2018-01-31',
'date_publicly_disclosed': '2018-02-20',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Ascensus, LLC on February 20, 2018. The '
'breach occurred on January 31, 2018, due to the inadvertent '
'delivery of personal information of participants in the Red '
'Hawk Casino 401(K) Plan to another party, affecting '
'information such as names, addresses, birth dates, dates of '
'hire, and Social Security numbers.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Birth Dates',
'Dates of Hire',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'post_incident_analysis': {'root_causes': 'Human error (inadvertent '
'disclosure of sensitive data to '
'unauthorized party)'},
'references': [{'date_accessed': '2018-02-20',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA precursor)'],
'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Ascensus, LLC Data Breach (2018)',
'type': 'Data Breach (Unintentional Disclosure)'}