On December 18, 2024, the Vermont Office of the Attorney General disclosed a data breach affecting Centinel Financial Group, initially detected on April 29, 2024. The incident exposed highly sensitive personal information of individuals, including names, addresses, dates of birth, driver’s license numbers, financial account details, and Social Security numbers. While the breach had a broader scope, at least six individuals in Rhode Island were confirmed as directly impacted. The compromised data poses severe risks, such as identity theft, financial fraud, and long-term reputational harm to the affected individuals. Given the nature of the exposed information—particularly Social Security and financial account numbers—the breach carries significant potential for fraudulent activities, including unauthorized account access, loan applications, or tax fraud. The delayed public disclosure (nearly 8 months after detection) may further exacerbate trust issues with clients and regulatory bodies. The breach underscores critical vulnerabilities in Centinel Financial Group’s data protection measures, raising concerns about compliance with data security laws and the adequacy of their incident response protocols. The exposure of personally identifiable information (PII) at this scale typically triggers legal obligations, including notifications to affected parties, credit monitoring services, and potential regulatory penalties.
Source: https://ago.vermont.gov/document/2024-12-18-centinel-financial-group-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/centinel-financial-group-llc
"id": "cen208082125",
"linkid": "centinel-financial-group-llc",
"type": "Breach",
"date": "4/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '6 (in Rhode Island)',
'industry': 'Finance/Insurance',
'name': 'Centinel Financial Group',
'type': 'Financial Services'}],
'data_breach': {'number_of_records_exposed': '6 (reported in Rhode Island)',
'personally_identifiable_information': ['Name',
'Address',
'Date of Birth',
'Driver’s License '
'Number',
'Social Security '
'Number'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2024-04-29',
'date_publicly_disclosed': '2024-12-18',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving Centinel Financial Group, identified on '
'April 29, 2024. The breach potentially exposed personal '
'information of individuals, including names, addresses, dates '
'of birth, driver’s license numbers, financial account '
'numbers, and Social Security numbers. Six individuals in '
'Rhode Island were specifically affected.',
'impact': {'data_compromised': ['Name',
'Address',
'Date of Birth',
'Driver’s License Number',
'Financial Account Number',
'Social Security Number'],
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (Financial account numbers '
'exposed)'},
'references': [{'date_accessed': '2024-12-18',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Vermont Office '
'of the Attorney General'},
'title': 'Centinel Financial Group Data Breach (2024)',
'type': 'Data Breach'}