Drivestream, Inc., an IT and management consulting firm offering cloud-based solutions, experienced a data breach in December 2024. An unauthorized actor accessed its systems between December 4 and December 9, potentially exfiltrating sensitive personally identifiable information (PII). The exposed data includes names, addresses, phone numbers, Social Security numbers, government-issued ID numbers, and financial account details. Initially, 17 individuals in New Hampshire and at least one in Maine were confirmed affected, though the full scope may be broader as investigations continue. The breach poses risks of identity theft, financial fraud, and unauthorized account activity. Drivestream began notifying affected customers in January 2025, offering 12 months of free credit monitoring and identity protection services. Legal firms are investigating potential compensation claims for victims, highlighting the severity of the incident and its long-term repercussions for those impacted.
Source: https://www.claimdepot.com/investigations/drivestream-data-breach-2025
TPRM report: https://www.rankiteo.com/company/drivestream
"id": "dri4893848111825",
"linkid": "drivestream",
"type": "Breach",
"date": "12/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{
    'affected_entities': [
        {
            'customers_affected': 'At least 18 (17 in New Hampshire, 1 in Maine; potential for more in other states)',
            'industry': 'Information Technology and Services (Management and IT Consulting, Cloud Solutions)',
            'name': 'Drivestream, Inc.',
            'type': 'Private Company',
        },
    ],
    'customer_advisories': 'Customers advised to enroll in credit monitoring, monitor financial accounts, place fraud alerts, and seek legal help if affected.',
    'data_breach': {
        'data_exfiltration': 'Potential exfiltration confirmed',
        'number_of_records_exposed': 'At least 18 (potentially more)',
        'personally_identifiable_information': [
            'Name',
            'Address',
            'Phone number',
            'Social Security number',
            'Government-issued ID number',
        ],
        'sensitivity_of_data': 'High (includes SSNs, government IDs, and financial account information)',
        'type_of_data_compromised': [
            'Personally Identifiable Information (PII)',
            'Financial Data',
        ],
    },
    'date_detected': '2024-12-04',
    'date_publicly_disclosed': '2025-01',
    'description': 'Drivestream, Inc., an IT and management consulting company, discovered suspicious activity in its data center in December 2024. An unauthorized actor accessed certain systems between December 4, 2024, and December 9, 2024, potentially exfiltrating sensitive personally identifiable information (PII) of at least 18 individuals across New Hampshire and Maine. The company began notifying affected customers in January 2025, with written notices issued as late as November 17, 2025. The exposed data includes names, addresses, phone numbers, Social Security numbers, government-issued ID numbers, and financial account information.',
    'impact': {
        'brand_reputation_impact': 'Potential reputational damage due to exposure of sensitive PII',
        'data_compromised': [
            'Name',
            'Address',
            'Phone number',
            'Social Security number',
            'Government-issued ID number',
            'Financial account information',
        ],
        'identity_theft_risk': 'High (due to exposure of SSNs, government IDs, and financial data)',
        'legal_liabilities': 'Potential lawsuits and compensation claims for affected individuals',
        'payment_information_risk': 'High (financial account information exposed)',
        'systems_affected': "Certain systems in Drivestream's data center",
    },
    'investigation_status': 'Ongoing (as of November 2025, with notifications still being sent)',
    'recommendations': [
        'Enroll in the 12 months of free Epiq credit monitoring and identity protection services offered by Drivestream.',
        'Monitor financial statements regularly for suspicious activity or unauthorized transactions.',
        'Place a fraud alert with credit bureaus to prevent unauthorized account openings.',
        'Request free annual credit reports from the three major credit bureaus.',
        'Seek legal assistance to understand rights and pursue compensation if affected.',
    ],
    'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
    'regulatory_compliance': {
        'legal_actions': 'Potential lawsuits by affected individuals (led by Shamis & Gentile P.A.)',
    },
    'response': {
        'communication_strategy': 'Customer notifications began in January 2025; written notices sent by November 17, 2025',
        'incident_response_plan_activated': 'Yes (investigation initiated in December 2024)',
        'recovery_measures': 'Offered 12 months of free Epiq credit monitoring and identity protection services to affected individuals',
    },
    'threat_actor': 'Unauthorized actor',
    'title': 'Drivestream, Inc. Data Breach (December 2024)',
    'type': 'Data Breach',
}