On September 22, 2023, the Maine Office of the Attorney General disclosed a prolonged data breach affecting **Bassett Furniture Industries, Incorporated**, spanning from **July 29, 2021, to April 27, 2023**. The incident compromised sensitive financial data of **7,614 individuals**, including **13 Maine residents**. Exposed information included **names, billing addresses, payment card numbers, CVV codes, and expiration dates**—critical details that could facilitate fraudulent transactions or identity theft. The breach’s extended timeline (nearly **22 months**) suggests a sophisticated or undetected intrusion, potentially involving unauthorized access to payment processing systems or databases. While the exact attack vector (e.g., phishing, malware, or third-party vulnerability) was not specified, the exposure of **full payment card details (including CVV codes)** indicates a high-risk scenario for financial fraud. Customers affected may face unauthorized charges, account takeovers, or long-term credit monitoring burdens. The company’s delayed detection and disclosure further amplify reputational and regulatory risks, as prolonged breaches often violate compliance frameworks like **PCI DSS** (Payment Card Industry Data Security Standard). The incident underscores vulnerabilities in data protection practices, particularly for retailers handling high volumes of transactional data.
TPRM report: https://www.rankiteo.com/company/bassett-furniture-industries
"id": "bas013091825",
"linkid": "bassett-furniture-industries",
"type": "Breach",
"date": "7/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 7614,
'industry': 'Furniture Retail',
'location': 'United States',
'name': 'Bassett Furniture Industries, Incorporated',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 7614,
'personally_identifiable_information': 'Yes (names, billing '
'addresses)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Financial account information',
'Personally identifiable '
'information (PII)']},
'date_publicly_disclosed': '2023-09-22',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Bassett Furniture Industries, Incorporated. '
'The breach occurred between July 29, 2021, and April 27, '
'2023, affecting 7,614 individuals, including 13 Maine '
'residents. Compromised data included financial account '
'information such as names, billing addresses, payment card '
'numbers, CVV codes, and expiration dates.',
'impact': {'data_compromised': ['Names',
'Billing addresses',
'Payment card numbers',
'CVV codes',
'Expiration dates'],
'identity_theft_risk': 'High (financial account information '
'exposed)',
'payment_information_risk': 'High (payment card numbers, CVV '
'codes, expiration dates exposed)'},
'references': [{'date_accessed': '2023-09-22',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': 'Bassett Furniture Industries Data Breach (2021–2023)',
'type': 'Data Breach'}