DBM Global suffered an email compromise incident between December 1, 2020, and February 25, 2021, where unauthorized actors gained access to employee email accounts. The breach exposed Social Security numbers (SSNs) of two Maine residents, while a total of 1,780 individuals were affected overall. The company responded by mailing written notification letters to impacted individuals on July 23, 2021, and offered one year of credit monitoring and identity restoration services via Experian to mitigate potential fraud risks. The incident highlights vulnerabilities in email security protocols, leading to the exposure of sensitive personally identifiable information (PII) of employees and associated individuals. While the scope appears limited to SSNs and email data, the prolonged unauthorized access raises concerns about potential further exploitation of compromised accounts during the exposure window.
TPRM report: https://www.rankiteo.com/company/dbm-global-inc
"id": "dbm041091825",
"linkid": "dbm-global-inc",
"type": "Breach",
"date": "12/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '1,780 individuals',
'name': 'DBM Global',
'type': 'Company'},
{'industry': 'Legal/Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government'}],
'attack_vector': 'Email Account Compromise',
'customer_advisories': ['Written notification letters with offer of 1 year of '
'credit monitoring and identity restoration services '
'via Experian'],
'data_breach': {'number_of_records_exposed': '1,780',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Social Security numbers',
'Personal information '
'(unspecified)']},
'date_publicly_disclosed': '2021-07-23',
'description': 'The Maine Office of the Attorney General reported that DBM '
'Global experienced an email compromise incident resulting in '
'unauthorized access to employee email accounts between '
'December 1, 2020, and February 25, 2021. The incident '
'potentially exposed the Social Security numbers of two Maine '
'residents, and a total of 1,780 individuals were affected. '
'Written notification letters were mailed to the affected '
'individuals on July 23, 2021, and DBM Global offered one year '
'of credit monitoring and identity restoration services '
'through Experian.',
'impact': {'data_compromised': ['Social Security numbers (2 Maine residents)',
'Other personal information (1,780 '
'individuals)'],
'identity_theft_risk': 'High (Social Security numbers exposed)',
'systems_affected': ['Employee email accounts']},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Written notification letters mailed '
'to affected individuals (July 23, '
'2021)'],
'third_party_assistance': ['Experian (credit monitoring and '
'identity restoration services)']},
'title': 'DBM Global Email Compromise Incident',
'type': 'Email Compromise / Unauthorized Access'}