Booz Allen Hamilton

Booz Allen Hamilton Holding Corporation suffered an insider breach involving the sensitive, personally identifiable information (PII) of active employees.

A former employee obtained and downloaded a copy of an internal report that was improperly stored on an internal Share Point site.

The breach compromised the PII in the report including name, Social Security number, compensation, gender, race, ethnicity, date of birth, and U.S. Government security clearance eligibility and status as of March 29, 2021.

The firm has offered employees two years of credit monitoring with Equifax.

Source: https://www.databreaches.net/booz-allen-hamilton-holding-corporation-notifies-employees-of-insider-breach/

TPRM report: https://scoringcyber.rankiteo.com/company/booz-allen-hamilton

"id": "boo1720151222",
"linkid": "booz-allen-hamilton",
"type": "Breach",
"date": "11/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Consulting',
                        'name': 'Booz Allen Hamilton Holding Corporation',
                        'type': 'Company'}],
 'attack_vector': 'Insider Threat',
 'data_breach': {'personally_identifiable_information': 'Name, Social Security '
                                                        'number, compensation, '
                                                        'gender, race, '
                                                        'ethnicity, date of '
                                                        'birth, and U.S. '
                                                        'Government security '
                                                        'clearance eligibility '
                                                        'and status',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'PII'},
 'description': 'Booz Allen Hamilton Holding Corporation suffered an insider '
                'breach involving the sensitive, personally identifiable '
                'information (PII) of active employees. A former employee '
                'obtained and downloaded a copy of an internal report that was '
                'improperly stored on an internal SharePoint site. The breach '
                'compromised the PII in the report including name, Social '
                'Security number, compensation, gender, race, ethnicity, date '
                'of birth, and U.S. Government security clearance eligibility '
                'and status as of March 29, 2021. The firm has offered '
                'employees two years of credit monitoring with Equifax.',
 'impact': {'data_compromised': 'PII, including name, Social Security number, '
                                'compensation, gender, race, ethnicity, date '
                                'of birth, and U.S. Government security '
                                'clearance eligibility and status'},
 'initial_access_broker': {'entry_point': 'Internal SharePoint site'},
 'post_incident_analysis': {'root_causes': 'Improper data storage'},
 'response': {'recovery_measures': 'Offered two years of credit monitoring '
                                   'with Equifax'},
 'threat_actor': 'Former Employee',
 'title': 'Booz Allen Hamilton Insider Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Improper data storage'}