Avient Corporation

Avient Corporation suffered a phishing data breach between February 22, 2021, and March 1, 2021, compromising the personal information of 8,841 individuals, including 35 Maine residents. The breach was detected on May 27, 2021, with notification letters sent to affected parties on July 1, 2021. While the exact type of exposed data was not fully detailed, the incident involved employee and/or customer personal information, likely including identifiers such as names, addresses, or financial details. The company responded by offering one year of identity theft protection services via Experian to mitigate potential risks like fraud or identity theft. The delay in discovery (nearly three months) and the scale of affected individuals underscore the severity of the breach, particularly as phishing attacks often target sensitive internal or customer data for malicious exploitation.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7c207e70-eec3-4a97-a46a-cf14242334f2.shtml

TPRM report: https://www.rankiteo.com/company/avient-corporation

"id": "avi032091825",
"linkid": "avient-corporation",
"type": "Breach",
"date": "2/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '8,841',
                        'name': 'Avient Corporation',
                        'type': 'Corporation'},
                       {'customers_affected': '35',
                        'location': 'Maine, USA',
                        'name': 'Maine Residents',
                        'type': 'Individuals'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'Notification letters mailed on July 1, 2021, with '
                        'offer of one-year identity theft protection via '
                        'Experian',
 'data_breach': {'number_of_records_exposed': '8,841',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (PII)',
                 'type_of_data_compromised': 'Personal Information'},
 'date_detected': '2021-05-27',
 'date_publicly_disclosed': '2021-07-01',
 'description': 'The Maine Office of the Attorney General reported that Avient '
                'Corporation experienced a phishing data breach between '
                'February 22, 2021, and March 1, 2021, affecting 8,841 '
                'individuals in total, including the personal information of '
                '35 Maine residents. Identity theft protection services were '
                'offered for one year through Experian.',
 'impact': {'data_compromised': 'Personal Information',
            'identity_theft_risk': 'High (Identity theft protection services '
                                   'offered)'},
 'initial_access_broker': {'entry_point': 'Phishing'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Notification letters mailed to '
                                        'affected individuals',
              'third_party_assistance': 'Experian (Identity Theft Protection '
                                        'Services)'},
 'title': 'Avient Corporation Phishing Data Breach (2021)',
 'type': 'Data Breach'}