Dolly, Inc.

The Vermont Office of the Attorney General disclosed a data breach affecting Dolly, Inc., which occurred on August 26, 2023. The incident involved the unauthorized exposure of personal information, specifically names and Social Security numbers (SSNs) of individuals. The breach was formally reported on November 2, 2023, though the exact number of affected individuals remains undetermined as of the disclosure.The compromised data particularly SSNs poses significant risks, including identity theft, financial fraud, and long-term reputational harm to the impacted individuals. Given the sensitivity of SSNs, the breach suggests a high potential for misuse, as such identifiers are often targeted for illicit financial activities or further cyber exploits. The delayed reporting (over two months) may also exacerbate risks, as affected parties were left uninformed and vulnerable during this period.While the root cause (e.g., phishing, system vulnerability, or external attack) was not specified, the exposure of personally identifiable information (PII) without ransomware involvement aligns with severe data protection failures. The incident underscores the company’s obligation to enhance cybersecurity measures, transparency, and timely notifications to mitigate fallout for stakeholders.

Source: https://ago.vermont.gov/document/2023-11-02-dolly-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/dolly-inc-

"id": "dol547091725",
"linkid": "dolly-inc-",
"type": "Breach",
"date": "8/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'name': 'Dolly, Inc.',
                        'type': 'Company'}],
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': ['names',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2023-08-26',
 'date_publicly_disclosed': '2023-11-02',
 'description': 'The Vermont Office of the Attorney General reported that '
                'Dolly, Inc. experienced a data breach on August 26, 2023, '
                'affecting personal information, including names and Social '
                'Security numbers. The breach was reported on November 2, '
                '2023, and the number of individuals affected is currently '
                'unknown.',
 'impact': {'data_compromised': ['names', 'Social Security numbers'],
            'identity_theft_risk': 'High (PII exposed)'},
 'references': [{'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via Vermont Office '
                                        'of the Attorney General'},
 'title': 'Dolly, Inc. Data Breach (2023)',
 'type': 'Data Breach'}

Dolly, Inc.

Alfa Bank and Ministry of Defense: Russia’s Crackdown on Probiv Data Leaks May Have Fed the Beast Instead

Coupang: Nomura downgrades Coupang to 'neutral' on data breach, regulatory risks

Dartmouth College, Harvard University, Princeton University, Columbia University and Clemson University: Why Cyberattacks in Higher Ed Keep Proliferating