The California Office of the Attorney General disclosed a data breach affecting Channel Control Merchants, LLC (CCM) in March 2021. The incident occurred between October 15 and November 5, 2020, when unauthorized actors gained access to employee email accounts. The breach exposed highly sensitive personal information, including names, Social Security numbers, driver’s license numbers, financial account details, health records, and tax identification numbers. The compromised data primarily belonged to employees, suggesting a targeted attack on internal systems, likely through phishing or credential theft. While the exact number of affected individuals was not specified, the exposure of financial, health, and identification data poses severe risks, including identity theft, financial fraud, and reputational harm to the company. The breach underscores vulnerabilities in email security protocols and the potential for long-term consequences for both the organization and its workforce. No evidence suggested customer data was impacted, but the scope of employee data leakage remains critical.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-539173
TPRM report: https://www.rankiteo.com/company/channel-control-merchants-llc
{
  "id": "cha429082125",
  "linkid": "channel-control-merchants-llc",
  "type": "Breach",
  "date": "10/2020",
  "severity": "85",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'name': 'Channel Control Merchants, LLC (CCM)',
                        'type': 'Private Company'}],
 'attack_vector': 'Unauthorized Access (Email Compromise)',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access to email accounts)',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Protected Health Information (PHI)',
                                              'Financial Information']},
 'date_publicly_disclosed': '2021-03-16',
 'description': "The California Office of the Attorney General reported a data breach involving Channel Control Merchants, LLC (CCM). The breach occurred between October 15 and November 5, 2020, and involved unauthorized access to employee email accounts, potentially exposing personal information such as names, Social Security numbers, driver's license numbers, financial account information, health information, and tax identification numbers.",
 'impact': {'data_compromised': ['Names',
                                 'Social Security numbers',
                                 "Driver's license numbers",
                                 'Financial account information',
                                 'Health information',
                                 'Tax identification numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'payment_information_risk': 'High (Financial account information exposed)',
            'systems_affected': ['Employee email accounts']},
 'initial_access_broker': {'entry_point': 'Employee email accounts'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violation of California Consumer Privacy Act (CCPA)',
                                                    'Potential violation of Health Insurance Portability and Accountability Act (HIPAA) if health data was exposed'],
                           'regulatory_notifications': ['California Office of the Attorney General']},
 'title': 'Data Breach at Channel Control Merchants, LLC (CCM)',
 'type': 'Data Breach'}