On May 20, 2022, SinglePoint experienced a physical security breach when its office was broken into, resulting in the theft of two laptops. One of the stolen devices contained unencrypted W2 print files, exposing sensitive employee data, including names and Social Security numbers (SSNs). The breach was reported to the California Office of the Attorney General on August 3, 2022. While the incident originated from a physical intrusion rather than a direct cyber attack, the compromise of personally identifiable information (PII) of employees poses significant risks, such as identity theft, financial fraud, and reputational harm to the affected individuals. The company’s failure to secure the laptops particularly those holding unencrypted sensitive data highlights vulnerabilities in both physical and data protection protocols. The exposed SSNs are high-value targets for cybercriminals, amplifying the potential long-term consequences for the impacted employees. No evidence suggests customer data or broader systems were affected, but the breach underscores the critical need for robust encryption and access controls for portable devices storing confidential information.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-555935
TPRM report: https://www.rankiteo.com/company/boltacity
"id": "bol453082125",
"linkid": "boltacity",
"type": "Breach",
"date": "5/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'location': 'California, USA',
'name': 'SinglePoint',
'type': 'Company'}],
'attack_vector': 'Physical Theft (Office Break-in)',
'data_breach': {'data_encryption': 'No (implied by risk of exposure)',
'data_exfiltration': 'Yes (via physical theft)',
'file_types_exposed': ['W2 Print Files'],
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (SSNs included)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2022-05-20',
'date_publicly_disclosed': '2022-08-03',
'description': 'The California Office of the Attorney General reported a data '
'breach involving SinglePoint on August 3, 2022. The breach '
'occurred on May 20, 2022, when the SinglePoint office was '
'broken into, resulting in the theft of two laptops, one of '
"which potentially contained employees' W2 print files "
'including names and Social Security numbers.',
'impact': {'data_compromised': ['Employee W2 Files (Names, Social Security '
'Numbers)'],
'identity_theft_risk': 'High (SSNs exposed)',
'systems_affected': ['2 Laptops']},
'post_incident_analysis': {'root_causes': ['Inadequate Physical Security',
'Lack of Device Encryption']},
'references': [{'date_accessed': '2022-08-03',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'Data Breach at SinglePoint Involving Theft of Laptops Containing '
'Employee W2 Information',
'type': 'Data Breach (Physical Theft)',
'vulnerability_exploited': 'Lack of Physical Security / Unencrypted Laptops'}