CDMP Reports Data Breach Affecting Sensitive Personal Information
CDMP, a Vermont-based organization, disclosed a data breach in which unauthorized access to sensitive personal identifiable information (PII) may have occurred. The incident was detected on or around May 11, 2025, after suspicious activity was identified within its technical environment. Following an investigation, CDMP confirmed that an unauthorized third party accessed and potentially acquired PII stored in its systems.
The exposed data varies by individual but may include:
- Full names
- Social Security numbers
- Addresses
- Demographic details
- Dates of birth
- Government-issued identification (e.g., passports)
- Other personal identifiers
On December 31, 2025, CDMP began mailing breach notification letters to affected individuals, detailing the specific types of compromised information. As part of its response, the organization is offering complimentary credit monitoring services to impacted parties. The breach notice was filed with the Attorney General of Vermont, where additional details are available.
Source: https://straussborrelli.com/2026/02/24/cyrus-d-mehta-partners-data-breach-investigation/
DAMA InternationalĀ® cybersecurity rating report: https://www.rankiteo.com/company/dama-international007
"id": "DAM1772132386",
"linkid": "dama-international007",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'location': 'Vermont, USA',
'name': 'CDMP',
'type': 'Organization'}],
'customer_advisories': 'Breach notification letters detailing specific types '
'of compromised information',
'data_breach': {'data_exfiltration': 'Potential',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Full names',
'Social Security numbers',
'Addresses',
'Demographic details',
'Dates of birth',
'Government-issued '
'identification (e.g., '
'passports)',
'Other personal identifiers']},
'date_detected': '2025-05-11',
'date_publicly_disclosed': '2025-12-31',
'description': 'CDMP, a Vermont-based organization, disclosed a data breach '
'in which unauthorized access to sensitive personal '
'identifiable information (PII) may have occurred. The '
'incident was detected after suspicious activity was '
'identified within its technical environment, leading to '
'confirmation that an unauthorized third party accessed and '
'potentially acquired PII stored in its systems.',
'impact': {'data_compromised': 'Sensitive personal identifiable information '
'(PII)',
'identity_theft_risk': 'High'},
'investigation_status': 'Completed',
'recommendations': 'Offering complimentary credit monitoring services to '
'impacted parties',
'references': [{'source': 'Attorney General of Vermont'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed with the '
'Attorney General of '
'Vermont'},
'response': {'communication_strategy': 'Breach notification letters mailed to '
'affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'CDMP Data Breach Affecting Sensitive Personal Information',
'type': 'Data Breach'}