The Vermont Office of the Attorney General disclosed a data breach affecting Business Resource Services on June 16, 2023. The incident involved an unsecured email sent on March 22, 2023, which contained Personally Identifiable Information (PII) tied to COBRA notices, including Social Security Numbers (SSNs) and dates of birth. The breach was detected on June 2, 2023, when the exposed email was identified. While the scope appears limited, the incident confirmed that at least five Rhode Island residents had their sensitive data compromised. The exposed PII poses risks of identity theft, financial fraud, or targeted phishing attacks against the affected individuals. The company has not disclosed whether the breach resulted from a targeted cyber attack, an internal error, or a vulnerability exploitation, but the exposure of SSNs highly sensitive identifiers elevates the potential for long-term harm to the victims. Regulatory scrutiny and potential legal repercussions may follow, given the nature of the leaked data and the delay in detection.
TPRM report: https://www.rankiteo.com/company/brsvt
"id": "brs510082125",
"linkid": "brsvt",
"type": "Breach",
"date": "3/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '5 (Rhode Island residents)',
'industry': 'Healthcare/Insurance Administration',
'location': 'Vermont, USA',
'name': 'Business Resource Services',
'type': 'Service Provider (COBRA Administration)'}],
'attack_vector': 'Email (Misconfigured or Accidental Exposure)',
'data_breach': {'data_exfiltration': 'Yes (via email)',
'file_types_exposed': ['Email (COBRA notices)'],
'number_of_records_exposed': '5 (known)',
'personally_identifiable_information': ['Social Security '
'Numbers',
'Dates of Birth'],
'sensitivity_of_data': 'High (SSNs, Dates of Birth)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2023-06-02',
'date_publicly_disclosed': '2023-06-16',
'description': 'The Vermont Office of the Attorney General reported that '
'Business Resource Services experienced a data breach exposing '
'Personally Identifiable Information (PII) related to COBRA '
'notices, including Social Security Numbers and dates of '
'birth. The breach was identified when an email sent on March '
'22, 2023, containing PII was discovered. At least 5 Rhode '
'Island residents were affected.',
'impact': {'brand_reputation_impact': 'Potential (PII Exposure)',
'data_compromised': ['Social Security Numbers', 'Dates of Birth'],
'identity_theft_risk': 'High (SSNs and DOBs exposed)'},
'investigation_status': 'Disclosed (Ongoing or Closed status unclear)',
'post_incident_analysis': {'root_causes': 'Accidental exposure of PII via '
'email (likely human error or '
'misconfiguration)'},
'references': [{'date_accessed': '2023-06-16',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public Disclosure via Vermont '
'Attorney General'},
'title': 'Business Resource Services Data Breach Exposing PII in COBRA '
'Notices',
'type': 'Data Breach'}