Cybersecurity Authority: CSA Tax Data Breach Investigation

CSA Reports Data Breach Impacting Sensitive Personal Information

The Cybersecurity Authority (CSA) disclosed a data breach that may have exposed sensitive personal identifiable information (PII) under its protection. On or around December 2, 2025, CSA experienced a network disruption affecting certain systems, prompting an immediate investigation.

The probe confirmed that an unauthorized third party accessed sensitive data during the breach. While the exact scope of exposure varies by individual, the compromised information potentially includes names and Social Security numbers.

On February 20, 2026, CSA began notifying affected individuals via mail, detailing the specific types of data impacted. As part of its response, CSA is offering complimentary credit monitoring services to those affected. The breach notice was filed with the Attorney General of Maine, where regulatory disclosures are publicly accessible.

Source: https://straussborrelli.com/2026/02/23/csa-tax-data-breach-investigation/

Cybersecurity Authority TPRM report: https://www.rankiteo.com/company/cyber-security-authority

"id": "cyb1771973485",
"linkid": "cyber-security-authority",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Varies by individual',
                        'industry': 'Cybersecurity',
                        'name': 'Cybersecurity Authority (CSA)',
                        'type': 'Government/Regulatory'}],
 'customer_advisories': 'Offering complimentary credit monitoring services to '
                        'affected individuals',
 'data_breach': {'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Names',
                                              'Social Security numbers']},
 'date_detected': '2025-12-02',
 'date_publicly_disclosed': '2026-02-20',
 'description': 'The Cybersecurity Authority (CSA) disclosed a data breach '
                'that may have exposed sensitive personal identifiable '
                'information (PII) under its protection. An unauthorized third '
                'party accessed sensitive data, including names and Social '
                'Security numbers.',
 'impact': {'data_compromised': 'Sensitive personal identifiable information '
                                '(PII)',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'Attorney General of Maine'}],
 'regulatory_compliance': {'regulatory_notifications': 'Filed with the '
                                                       'Attorney General of '
                                                       'Maine'},
 'response': {'communication_strategy': 'Notified affected individuals via '
                                        'mail on February 20, 2026'},
 'threat_actor': 'Unauthorized third party',
 'title': 'CSA Data Breach Impacting Sensitive Personal Information',
 'type': 'Data Breach'}

Cybersecurity Authority: CSA Tax Data Breach Investigation

U.S. Government Agencies: BREAKING: Iran appears to have conducted a significant cyberattack against a U.S. company

Tangoe US Inc.: Tangoe Data Breach Class Action Settlement

Shoppers Drug Mart, President’s Choice, Loblaw, No Frills and PC Optimum: “Threat Actor” on the dark web claims Loblaw’s “low-level” data breach is a much larger threat