The Maine Office of the Attorney General disclosed a data breach affecting Data Media Associates, LLC (DMA) on September 25, 2023, stemming from a MOVEit software exploit between May 31 and June 1, 2023. The incident compromised personal information of 98,496 individuals, including 133 Maine residents, with Social Security numbers (SSNs) among the exposed data. SSNs are highly sensitive identifiers, making affected individuals vulnerable to identity theft, financial fraud, and long-term reputational harm. DMA responded by offering 12 months of identity theft protection services via IDX to mitigate risks for victims. The breach highlights vulnerabilities in third-party software (MOVEit), a critical tool for secure file transfers, and underscores the cascading risks when such systems are exploited. The scale of the breach nearly 100,000 records suggests systemic exposure, with potential downstream effects like fraudulent account openings, tax fraud, or targeted phishing attacks leveraging the stolen SSNs. The incident aligns with broader trends of supply-chain attacks, where attackers exploit trusted vendor software to infiltrate multiple organizations simultaneously.
TPRM report: https://www.rankiteo.com/company/data-media-associates-inc.
"id": "dat758082025",
"linkid": "data-media-associates-inc.",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 98496,
'name': 'Data Media Associates, LLC (DMA)',
'type': 'Private Company'}],
'attack_vector': 'Software Exploit (MOVEit)',
'customer_advisories': ['12 months of identity theft protection services '
'offered to affected individuals'],
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 98496,
'personally_identifiable_information': ['Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-09-25',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Data Media Associates, LLC (DMA) on '
'September 25, 2023. The breach occurred between May 31 and '
'June 1, 2023, affecting 98,496 individuals, including 133 '
'residents of Maine. Compromised information included Social '
'Security numbers. DMA was affected by a MOVEit software '
'exploit and offered 12 months of identity theft protection '
'services through IDX.',
'impact': {'data_compromised': ['Social Security numbers'],
'identity_theft_risk': 'High (SSNs compromised)',
'systems_affected': ['MOVEit Transfer']},
'post_incident_analysis': {'root_causes': ['Exploitation of MOVEit Transfer '
'vulnerability (CVE-2023-34362)']},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'recovery_measures': ['12 months of identity theft protection '
'services for affected individuals'],
'third_party_assistance': ['IDX (identity theft protection '
'services)']},
'title': 'Data Media Associates, LLC (DMA) Data Breach via MOVEit Exploit',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer Vulnerability (CVE-2023-34362)'}