Bristol Bay Construction Holdings (BBCH) suffered a data breach initiated through a phishing scam, resulting in the unauthorized download of an employee census report. The compromised data included names and Social Security numbers of 27 Maine residents, all of whom were employees or former employees of the company. The breach was detected on January 9, 2024, but affected individuals were not notified until April 9, 2024, raising concerns about delayed response. The incident highlights vulnerabilities in BBCH’s cybersecurity defenses, particularly against social engineering tactics like phishing, which directly targeted sensitive employee information. The exposure of Social Security numbers poses significant risks, including identity theft and financial fraud for the impacted individuals. While the breach was contained to employee data, the nature of the stolen information elevates the severity due to its potential for long-term misuse.
TPRM report: https://www.rankiteo.com/company/bbch-llc
"id": "bbc030090625",
"linkid": "bbch-llc",
"type": "Breach",
"date": "11/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': 27,
                        'industry': 'Construction',
                        'location': {'country': 'United States',
                                     'state': 'Maine'},
                        'name': 'Bristol Bay Construction Holdings (BBCH)',
                        'type': 'Private Company'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'Notification letters sent to 27 affected Maine '
                        'residents',
 'data_breach': {'data_exfiltration': 'Yes (unauthorized download of employee '
                                      'census report)',
                 'file_types_exposed': ['Employee Census Report'],
                 'number_of_records_exposed': 27,
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (SSNs included)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2024-01-09',
 'description': "The Maine Attorney General's Office reported that Bristol Bay "
                'Construction Holdings (BBCH) experienced a data breach '
                'involving a phishing scam that led to the unauthorized '
                'download of an employee census report containing the names '
                'and Social Security numbers of 27 Maine residents.',
 'impact': {'brand_reputation_impact': 'Potential (due to sensitive PII '
                                       'exposure)',
            'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (SSNs compromised)'},
 'investigation_status': 'Discovered (2024-01-09); Notifications sent '
                         '(2024-04-09)',
 'references': [{'source': "Maine Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
                                                       "General's Office "
                                                       'notified'},
 'response': {'communication_strategy': 'Notification letters sent to affected '
                                        'individuals (2024-04-09)'},
 'title': 'Bristol Bay Construction Holdings Data Breach via Phishing Scam',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error (Phishing Susceptibility)'}