Connor Group

In March 2021, the Maine Office of the Attorney General disclosed a data breach affecting Connor Group, which occurred between August 8 and September 11, 2020. The incident involved unauthorized access to an employee’s email account, leading to the potential exposure of Social Security Numbers (SSNs) of 18,424 individuals, including three Maine residents. The breach posed a significant risk of identity theft, prompting the company to offer 12 months of identity theft protection services via Kroll to those impacted. The exposed data, primarily SSNs, falls under highly sensitive personal information, heightening concerns over fraud, financial exploitation, and long-term reputational damage for both the affected individuals and the organization. While the breach was contained to a single email account, the scale of exposed records and the nature of the compromised data underscore the severity of the incident. No evidence of misuse was immediately reported, but the proactive offering of credit monitoring reflects the potential for severe downstream consequences, including financial fraud or identity theft for the victims.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/95c77766-3e38-4337-b5b7-c4fa92da2628.shtml

TPRM report: https://www.rankiteo.com/company/connorgp

"id": "con155082025",
"linkid": "connorgp",
"type": "Breach",
"date": "8/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '18,424 individuals (including 3 '
                                              'Maine residents)',
                        'name': 'Connor Group',
                        'type': 'Organization'},
                       {'industry': 'Legal/Regulatory',
                        'location': 'Maine, USA',
                        'name': 'Maine Office of the Attorney General',
                        'type': 'Government'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'customer_advisories': 'Identity theft protection services offered through '
                        'Kroll for 12 months to affected individuals.',
 'data_breach': {'number_of_records_exposed': '18,424',
                 'personally_identifiable_information': 'Yes (Social Security '
                                                        'Numbers)',
                 'sensitivity_of_data': 'High (Personally Identifiable '
                                        'Information)',
                 'type_of_data_compromised': ['Social Security Numbers']},
 'date_publicly_disclosed': '2021-03-20',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving Connor Group that occurred between August 8 '
                'and September 11, 2020. The breach involved unauthorized '
                'access to an employee email account, potentially exposing the '
                'Social Security Numbers of 18,424 individuals, including 3 '
                'residents of Maine. Identity theft protection services were '
                'offered through Kroll for 12 months to affected individuals.',
 'impact': {'data_compromised': ['Social Security Numbers'],
            'identity_theft_risk': 'High (SSNs exposed)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'third_party_assistance': ['Kroll (Identity Theft Protection '
                                         'Services)']},
 'title': 'Connor Group Data Breach (2020)',
 'type': 'Data Breach'}