The Maine Office of the Attorney General disclosed a data breach affecting CopperPoint Insurance Company (alongside affiliated entities) on November 9, 2021, though the incident was initially detected on July 22, 2021. The breach stemmed from unauthorized access to employee email accounts, compromising sensitive data. The exposed information primarily included Social Security Numbers (SSNs), impacting 38,653 individuals, of which at least 2 were Maine residents.

The breach highlights vulnerabilities in email security protocols, enabling attackers to infiltrate systems and exfiltrate personally identifiable information (PII). While the exact method of unauthorized access (e.g., phishing, credential stuffing) was not specified, the exposure of SSNs poses significant risks, including identity theft, financial fraud, and long-term reputational damage for affected individuals. The company likely faced regulatory scrutiny under state data protection laws, necessitating breach notifications, credit monitoring for victims, and potential fines.

The incident underscores the critical need for robust email security measures, such as multi-factor authentication (MFA), employee cybersecurity training, and continuous monitoring to prevent similar exploits. The delayed public disclosure (nearly 4 months after detection) may further erode trust in the company’s transparency and incident response capabilities.
TPRM report: https://www.rankiteo.com/company/copperpoint
"id": "cop1014090725",
"linkid": "copperpoint",
"type": "Breach",
"date": "1/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'customers_affected': '38,651 (excluding 2 Maine '
                                              'residents)',
                        'industry': 'Insurance',
                        'name': 'CopperPoint Insurance Company',
                        'type': 'Insurance Company'},
                       {'customers_affected': 'Included in 38,653 total',
                        'industry': 'Insurance',
                        'name': 'Pacific Compensation Insurance Company',
                        'type': 'Insurance Company'},
                       {'customers_affected': 'Included in 38,653 total',
                        'industry': 'Insurance',
                        'name': 'Alaska National Insurance',
                        'type': 'Insurance Company'},
                       {'customers_affected': '2 residents',
                        'industry': 'Legal/Regulatory',
                        'location': 'Maine, USA',
                        'name': 'Maine Office of the Attorney General '
                                '(reporting entity)',
                        'type': 'Government Office'}],
 'attack_vector': 'Unauthorized access to employee email accounts',
 'data_breach': {'number_of_records_exposed': '38,653',
                 'personally_identifiable_information': 'Yes (SSNs)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security Numbers']},
 'date_detected': '2021-07-22',
 'date_publicly_disclosed': '2021-11-09',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach involving unauthorized access to employee email '
                'accounts at CopperPoint Insurance Company, Pacific '
                'Compensation Insurance Company, and Alaska National '
                'Insurance. The breach potentially exposed Social Security '
                'Numbers of 38,653 individuals, including 2 residents of '
                'Maine.',
 'impact': {'data_compromised': ['Social Security Numbers'],
            'identity_theft_risk': 'High (SSNs exposed)',
            'systems_affected': ['Employee email accounts']},
 'initial_access_broker': {'entry_point': 'Employee email accounts'},
 'references': [{'date_accessed': '2021-11-09',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney General '
                                                       '(as reporting entity)'},
 'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
                                        'General'},
 'title': 'Data Breach at CopperPoint Insurance Company, Pacific Compensation '
          'Insurance Company, and Alaska National Insurance',
 'type': 'Data Breach'}