Capital Asset Management Group, Inc. (CAMG) suffered a data breach resulting from unauthorized access to an employee’s email account between January 19, 2024, and February 9, 2024. The incident exposed the personal information of two Maine residents, including their names, Social Security numbers, and financial account details. While the breach was limited in scope, the compromised data particularly Social Security and financial records poses a significant risk of identity theft and fraud. CAMG responded by issuing notification letters on October 23, 2024, and offered affected individuals identity theft protection services through Equifax as a remedial measure. The breach highlights vulnerabilities in email security protocols, emphasizing the need for stricter access controls and monitoring to prevent similar incidents in the future.
TPRM report: https://www.rankiteo.com/company/capital-asset-management-group
"id": "cap732082025",
"linkid": "capital-asset-management-group",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 2,
'industry': 'Asset Management',
'name': 'Capital Asset Management Group, Inc. (CAMG)',
'type': 'Financial Services'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Notification letters mailed on October 23, 2024'],
'data_breach': {'data_exfiltration': 'Likely (data accessed via email '
'account)',
'number_of_records_exposed': 2,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Financial Account '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs and financial '
'account numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2024-10-23',
'description': 'The Maine Office of the Attorney General reported that '
'Capital Asset Management Group, Inc. (CAMG) experienced a '
"data breach due to unauthorized access to an employee's email "
'account between January 19, 2024, and February 9, 2024. The '
'breach potentially affected the personal information of 2 '
'Maine residents, including names and possibly Social Security '
'and financial account numbers. Notification letters were '
'mailed on October 23, 2024, and CAMG offered identity theft '
'protection services through Equifax.',
'impact': {'brand_reputation_impact': 'Potential (due to data breach '
'disclosure)',
'data_compromised': ['Names',
'Social Security Numbers (potential)',
'Financial Account Numbers (potential)'],
'identity_theft_risk': 'High (due to exposed PII)',
'payment_information_risk': 'Potential (financial account numbers '
'possibly exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Mailed notification letters to '
'affected individuals'],
'incident_response_plan_activated': 'Likely (based on '
'notification and '
'remediation)',
'remediation_measures': ['Offered identity theft protection '
'services to affected individuals'],
'third_party_assistance': ['Equifax (identity theft protection '
'services)']},
'title': 'Capital Asset Management Group, Inc. (CAMG) Data Breach via '
'Unauthorized Email Access',
'type': 'Data Breach (Unauthorized Access)'}