The Maine Office of the Attorney General disclosed that Charmant USA suffered an external system breach between September 20–24, 2023, where unauthorized actors gained access to their network. The intrusion was detected on October 30, 2023, revealing that the financial account information paired with security details of two residents had been compromised. While the breach was contained, the exposed data included sensitive financial credentials, raising risks of fraud or identity theft. In response, Charmant initiated notification letters on November 29, 2023, offering one year of identity monitoring services via Kroll to affected individuals. The incident highlights vulnerabilities in external system defenses, though the limited scope (only two individuals) suggests targeted rather than mass exploitation. The compromised data’s nature (financial + security details) elevates the potential for downstream financial harm, despite the small victim count.
TPRM report: https://www.rankiteo.com/company/charmant-usa
"id": "cha023091825",
"linkid": "charmant-usa",
"type": "Breach",
"date": "9/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '2',
'location': 'USA (Maine residents affected)',
'name': 'Charmant USA',
'type': 'Company'}],
'customer_advisories': 'Notification letters with offer of 1 year identity '
'monitoring via Kroll',
'data_breach': {'data_exfiltration': 'Likely (data compromised)',
'number_of_records_exposed': '2',
'personally_identifiable_information': 'Yes (financial + '
'security details)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['financial account information',
'security details']},
'date_detected': '2023-10-30',
'date_publicly_disclosed': '2023-11-29',
'description': 'The Maine Office of the Attorney General reported that '
'Charmant USA experienced an external system breach involving '
'unauthorized access to their network from September 20, 2023 '
'to September 24, 2023. The breach, discovered on October 30, '
'2023, affected 2 residents, compromising their financial '
'account information in combination with security details. '
'Charmant began mailing notification letters on November 29, '
'2023, offering one year of identity monitoring services '
'through Kroll.',
'impact': {'data_compromised': ['financial account information',
'security details'],
'identity_theft_risk': 'High (financial account + security details '
'compromised)',
'payment_information_risk': 'Yes'},
'investigation_status': 'Disclosed (notification letters sent)',
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected individuals (2023-11-29)',
'incident_response_plan_activated': 'Likely (notification '
'letters sent)',
'third_party_assistance': 'Kroll (identity monitoring services)'},
'title': 'Charmant USA External System Breach',
'type': 'External System Breach / Unauthorized Access'}