Recently, Barr & Barr reported to the Attorney General of Maine that it had experienced a data breach in which sensitive personal identifiable information in its care may have been compromised. According to the breach notice, on or around November 6, 2025, Barr & Barr became aware of suspicious activity involving its computer network.1 As a result, Barr & Barr launched an investigation to determine the nature of the incident.
Through its investigation, Barr & Barr confirmed that sensitive personal information in its systems may have been accessed and acquired by an unauthorized third party on September 4, 2025. As a result, Barr & Barr began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
On December 4, 2025, Barr & Barr began mailing data breach notification letters to impacted individuals. Based on the breach notice sent to Maine residents, Barr & Barr is providing affected individuals with a list of the specific types of sensitive information impacted and 12 months complimentary credit monitoring services. A link to the breach notification letters that Barr & Barr filed with the Attorney General of Maine is below.
Source: https://straussborrelli.com/2025/12/05/barr-barr-data-breach-investigation/
Barr Engineering Co. cybersecurity rating report: https://www.rankiteo.com/company/barr-engineering-co
"id": "BAR1764994668",
"linkid": "barr-engineering-co",
"type": "Breach",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'incident': {'affected_entities': [{'customers_affected': 'Impacted '
'individuals '
'(specific number '
'not disclosed)',
'industry': None,
'location': None,
'name': 'Barr & Barr',
'size': None,
'type': 'Company'}],
'customer_advisories': '12 months complimentary credit '
'monitoring services provided to affected '
'individuals',
'data_breach': {'data_encryption': None,
'data_exfiltration': None,
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security '
'number']},
'date_detected': '2025-11-06',
'date_publicly_disclosed': '2025-12-04',
'description': 'Barr & Barr reported a data breach where '
'sensitive personal identifiable information may '
'have been compromised. The company detected '
'suspicious activity on its computer network and '
'confirmed unauthorized access and acquisition of '
'sensitive data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': 'Sensitive personal identifiable '
'information',
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': None,
'revenue_loss': None,
'systems_affected': 'Computer network'},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Completed',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Attorney General of Maine',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': 'Filed '
'with the '
'Attorney '
'General '
'of Maine'},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Data breach notification '
'letters mailed to '
'impacted individuals',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': None,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized third party',
'title': 'Barr & Barr Data Breach',
'type': 'Data Breach'}}