Cardiva Medical, Inc. suffered a data breach between March 15, 2021, and March 23, 2021, caused by an external system breach (hacking). The incident exposed sensitive personal information of 637 individuals, including at least one Maine resident. Compromised data included names, addresses, Social Security numbers, bank account details, compensation and benefit information, and driver’s license numbers—highly valuable for identity theft and financial fraud. The breach posed severe risks, as the leaked data could enable fraudulent financial transactions, identity theft, and long-term reputational harm to affected individuals. In response, Cardiva offered two years of identity theft protection services via Experian to mitigate potential damages. The breach underscores the critical need for robust cybersecurity measures, particularly in safeguarding highly sensitive employee and customer data from external threats. Given the nature of the exposed information, the incident likely eroded trust among employees, customers, and partners, while also inviting regulatory scrutiny over data protection compliance.
TPRM report: https://www.rankiteo.com/company/cardiva
"id": "car226090125",
"linkid": "cardiva",
"type": "Breach",
"date": "3/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 637,
'industry': 'Medical/Healthcare',
'name': 'Cardiva Medical, Inc.',
'type': 'Company'}],
'attack_vector': 'External System Breach (Hacking)',
'customer_advisories': 'Identity theft protection services offered for 2 '
'years via Experian',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 637,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Information']},
'date_detected': '2021-03-23',
'description': 'The Maine Office of the Attorney General reported that '
'Cardiva Medical, Inc. experienced a data breach from March '
'15, 2021, to March 23, 2021, due to an external system breach '
'(hacking), affecting 637 individuals. The breach involved '
'personal information such as names, addresses, social '
'security numbers, bank account information, compensation, '
"benefit information, and driver's license numbers. Identity "
'theft protection services were offered for two years through '
'Experian.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security Numbers',
'Bank Account Information',
'Compensation Information',
'Benefit Information',
"Driver's License Numbers"],
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (Bank account information '
'exposed)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'recovery_measures': 'Offered 2 years of identity theft '
'protection services via Experian',
'third_party_assistance': 'Experian (Identity Theft Protection '
'Services)'},
'title': 'Cardiva Medical, Inc. Data Breach (March 2021)',
'type': 'Data Breach'}