The California Office of the Attorney General reported a data breach involving CRC Insurance Services, LLC on July 26, 2023. The breach, which occurred on January 13, 2023, involved unauthorized access to a small number of employee email accounts due to phishing emails, potentially exposing personal information such as names and addresses, but there is no confirmation that any individual's information was accessed or used for unauthorized purposes.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-570861
TPRM report: https://www.rankiteo.com/company/crc-insurance-services-inc-
"id": "crc627072825",
"linkid": "crc-insurance-services-inc-",
"type": "Breach",
"date": "1/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Insurance',
'name': 'CRC Insurance Services, LLC',
'type': 'Company'}],
'attack_vector': 'Phishing',
'data_breach': {'personally_identifiable_information': ['Names', 'Addresses'],
'type_of_data_compromised': ['Names', 'Addresses']},
'date_detected': '2023-01-13',
'date_publicly_disclosed': '2023-07-26',
'description': 'The California Office of the Attorney General reported a data '
'breach involving CRC Insurance Services, LLC on July 26, '
'2023. The breach, which occurred on January 13, 2023, '
'involved unauthorized access to a small number of employee '
'email accounts due to phishing emails, potentially exposing '
'personal information such as names and addresses, but there '
"is no confirmation that any individual's information was "
'accessed or used for unauthorized purposes.',
'impact': {'data_compromised': ['Names', 'Addresses']},
'initial_access_broker': {'entry_point': 'Phishing Emails'},
'post_incident_analysis': {'root_causes': 'Phishing Emails'},
'references': [{'date_accessed': '2023-07-26',
'source': 'California Office of the Attorney General'}],
'title': 'Data Breach at CRC Insurance Services, LLC',
'type': 'Data Breach',
'vulnerability_exploited': 'Email Accounts'}