Educators Benefit Consultants, LLC (operating as Aviben) suffered a data breach between February 21 and February 23, 2024, caused by an unauthorized attempt to exploit a zero-day vulnerability in their computer network. The incident exposed highly sensitive personal information, including names, Social Security numbers, and financial account details of affected individuals. The breach was formally reported to the California Office of the Attorney General on August 9, 2024, indicating a delayed discovery or disclosure. The compromised data poses significant risks, such as identity theft, financial fraud, and long-term reputational harm to both the company and the impacted individuals. Given the nature of the exposed information particularly financial and government-issued identifiers the breach carries severe implications for privacy and security, potentially leading to regulatory scrutiny and legal consequences for Aviben.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-590046
TPRM report: https://www.rankiteo.com/company/aviben
"id": "avi551091725",
"linkid": "aviben",
"type": "Breach",
"date": "2/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'Consulting (Benefits/Education Sector)',
'location': 'California, USA',
'name': 'Educators Benefit Consultants, LLC (d/b/a '
'Aviben)',
'type': 'Private Company'}],
'attack_vector': 'Zero-day vulnerability exploitation',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access to network)',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_publicly_disclosed': '2024-08-09',
'description': 'The California Office of the Attorney General reported that '
'Educators Benefit Consultants, LLC (d/b/a Aviben) experienced '
'a data breach possibly exposing personal information from '
'February 21 to February 23, 2024. The breach involved an '
'unauthorized attempt to access their computer network due to '
'a zero-day vulnerability; specific types of compromised '
'information included names, Social Security numbers, and '
'financial account numbers, among others.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'financial account numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial data)',
'payment_information_risk': 'High (financial account numbers '
'exposed)',
'systems_affected': ['computer network']},
'initial_access_broker': {'high_value_targets': ['Personal data (SSNs, '
'financial accounts)']},
'investigation_status': 'Reported; details pending',
'post_incident_analysis': {'root_causes': ['Exploitation of zero-day '
'vulnerability in computer '
'network']},
'references': [{'date_accessed': '2024-08-09',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA)',
'Potential violation of '
'other state/federal data '
'protection laws'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at Educators Benefit Consultants, LLC (d/b/a Aviben)',
'type': 'Data Breach',
'vulnerability_exploited': 'Zero-day vulnerability'}