CBMM Reports Data Breach Affecting Sensitive Personal Information
CBMM, a data management organization, disclosed a cybersecurity incident in which unauthorized access to sensitive personal information may have occurred. On August 9, 2024, the company detected suspicious activity within its systems and initiated an investigation.
The probe confirmed that an unauthorized third party accessed and potentially acquired personal data between August 8 and August 9, 2024. The exposed information varies by individual but may include names, Social Security numbers, and financial account details.
Nearly 17 months after the breach, on December 30, 2025, CBMM began notifying affected individuals via mail. The notifications outline the specific data compromised and offer complimentary credit monitoring services. The breach notice was filed with the Attorney General of Maine, where details of the incident are publicly available.
Source: https://straussborrelli.com/2026/01/07/chesapeake-bay-maritime-museum-data-breach-investigation/
CBMM cybersecurity rating report: https://www.rankiteo.com/company/cbmm
"id": "CBM1767807505",
"linkid": "cbmm",
"type": "Breach",
"date": "8/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Impacted individuals (exact '
'number not specified)',
'name': 'CBMM',
'type': 'Company'}],
'customer_advisories': 'Provided complimentary credit monitoring services and '
'a list of specific types of sensitive information '
'impacted',
'data_breach': {'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Name',
'Social Security number',
'Financial account information']},
'date_detected': '2024-08-09',
'date_publicly_disclosed': '2025-12-30',
'description': 'CBMM reported a data breach where sensitive personal '
'identifiable information may have been compromised. The '
'company detected suspicious activity on August 9, 2024, and '
'confirmed unauthorized access to its systems between August 8 '
'and August 9, 2024. The breach exposed names, Social Security '
'numbers, and financial account information.',
'impact': {'data_compromised': 'Sensitive personal identifiable information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'investigation_status': 'Completed',
'references': [{'source': 'Attorney General of Maine'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed breach '
'notification with the '
'Attorney General of '
'Maine'},
'response': {'communication_strategy': 'Mailed data breach notification '
'letters to impacted individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'CBMM Data Breach',
'type': 'Data Breach'}