The California Office of the Attorney General reported a data breach involving Avalara, Inc. on June 7, 2019. The breach occurred on May 22, 2019, due to a vulnerability in the eCompli application that resulted in unauthorized access to personal information of individuals, including names, social security numbers, and other sensitive data.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-147956
TPRM report: https://www.rankiteo.com/company/avalara
"id": "ava129080425",
"linkid": "avalara",
"type": "Vulnerability",
"date": "5/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Software',
'name': 'Avalara, Inc.',
'type': 'Company'}],
'attack_vector': 'Vulnerability Exploitation',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['names',
'social security numbers',
'other sensitive data']},
'date_detected': '2019-05-22',
'date_publicly_disclosed': '2019-06-07',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Avalara, Inc. on June 7, 2019. The breach '
'occurred on May 22, 2019, due to a vulnerability in the '
'eCompli application that resulted in unauthorized access to '
'personal information of individuals, including names, social '
'security numbers, and other sensitive data.',
'impact': {'data_compromised': ['names',
'social security numbers',
'other sensitive data']},
'references': [{'date_accessed': '2019-06-07',
'source': 'California Office of the Attorney General'}],
'title': 'Avalara, Inc. Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'eCompli application vulnerability'}