CMC Tax Services, Inc.

CMC Tax Services, Inc. suffered a data breach where an unauthorized third party infiltrated their network over an extended period, spanning from November 30, 2020, to May 17, 2021. The intrusion resulted in the exposure of sensitive client personal information, including full names and Social Security numbers (SSNs) highly valuable data for identity theft and financial fraud. The breach was formally reported to the California Office of the Attorney General on July 20, 2021, indicating a delayed discovery or disclosure. The compromised data poses severe risks to affected individuals, as SSNs are permanent identifiers often exploited in fraudulent activities such as loan applications, tax fraud, or unauthorized account openings. The prolonged access period suggests potential lateral movement within the network, increasing the likelihood of extensive data exfiltration. While the exact number of impacted clients remains undisclosed, the nature of the exposed data aligns with high-severity incidents involving customer personal information leaks, amplifying reputational, legal, and financial repercussions for the company.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-543068

TPRM report: https://www.rankiteo.com/company/collins-mason-&-company

"id": "col1004091725",
"linkid": "collins-mason-&-company",
"type": "Breach",
"date": "11/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Tax Services / Financial',
                        'location': 'California, USA',
                        'name': 'CMC Tax Services, Inc.',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Yes',
                 'personally_identifiable_information': ['Full Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_publicly_disclosed': '2021-07-20',
 'description': 'The California Office of the Attorney General reported that '
                'CMC Tax Services, Inc. experienced a data breach where an '
                'unauthorized third party accessed their network between '
                'November 30, 2020, and May 17, 2021. The breach involved '
                'client personal information, including full names and Social '
                'Security numbers, and was reported on July 20, 2021.',
 'impact': {'data_compromised': ['Full Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High'},
 'initial_access_broker': {'high_value_targets': ['Client Personal '
                                                  'Information'],
                           'reconnaissance_period': {'end': '2021-05-17',
                                                     'start': '2020-11-30'}},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'threat_actor': 'Unauthorized Third Party',
 'title': 'CMC Tax Services, Inc. Data Breach (2020-2021)',
 'type': 'Data Breach'}

CMC Tax Services, Inc.

Pass’Sport: Have I Been Pwned’s Post

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim