Brown-Forman Corporation

The Maine Office of the Attorney General disclosed on **May 10, 2021**, that **Brown-Forman Corporation** suffered a **data breach** due to unauthorized access to its internal network, initially detected on **July 28, 2020**, and confirmed on **August 4, 2020**. The incident impacted **72 individuals**, with compromised data potentially including **Social Security numbers (SSNs)** and **credit card information linked to expired cards**. The breach exposed sensitive personal and financial details, raising concerns over identity theft, fraud, and reputational harm. While the compromised credit card data pertained to expired cards—reducing immediate financial risk—the exposure of **SSNs** poses long-term threats, as such information is permanent and highly valuable to cybercriminals. The company likely faced regulatory scrutiny, customer distrust, and potential legal liabilities due to the failure to safeguard personally identifiable information (PII). The attack underscores vulnerabilities in corporate network security, particularly in protecting high-value employee and customer data from unauthorized intrusions. Though the scale was limited to 72 individuals, the nature of the exposed data elevates the severity of the incident.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/eaf2b678-f101-46d3-a45d-af2ee7981574.shtml

TPRM report: https://www.rankiteo.com/company/brown-forman

"id": "bro1000091725",
"linkid": "brown-forman",
"type": "Breach",
"date": "7/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 72,
                        'industry': 'Beverage (Alcohol)',
                        'location': 'Louisville, Kentucky, USA',
                        'name': 'Brown-Forman Corporation',
                        'type': 'Corporation'}],
 'data_breach': {'number_of_records_exposed': 72,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High (SSNs, payment data)',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'credit card information '
                                              '(expired)']},
 'date_detected': '2020-07-28',
 'date_publicly_disclosed': '2021-05-10',
 'description': 'The Maine Office of the Attorney General reported that '
                'Brown-Forman Corporation experienced a data breach involving '
                'unauthorized access to their internal network. A total of 72 '
                'individuals were affected, with potentially compromised '
                'information including Social Security numbers and/or credit '
                'card information associated with expired cards.',
 'impact': {'data_compromised': ['Social Security numbers',
                                 'credit card information (expired cards)'],
            'identity_theft_risk': 'Potential (due to SSN exposure)',
            'payment_information_risk': 'Potential (expired credit card data)',
            'systems_affected': ['internal network']},
 'investigation_status': 'Confirmed (as of 2020-08-04)',
 'references': [{'date_accessed': '2021-05-10',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'title': 'Brown-Forman Corporation Data Breach (2020)',
 'type': 'Data Breach'}