The Maine Office of the Attorney General disclosed a data breach affecting EmPower HR in January 2021. The incident stemmed from unauthorized access to employee records between September 29, 2020, and October 30, 2020, detected on December 21, 2020. The breach exposed sensitive personal information, including at least one resident’s name and Social Security number (SSN), with a total of 4,214 individuals potentially impacted. The compromised data suggests a targeted intrusion aimed at internal employee records, likely through phishing, credential theft, or an exploited vulnerability in EmPower HR’s systems. While the exact method remains undisclosed, the exposure of SSNs a high-value target for identity theft and fraud elevates the risk of long-term harm to affected employees. The breach underscores systemic weaknesses in safeguarding personnel data, raising concerns over compliance with data protection regulations and the company’s cybersecurity posture. No evidence suggests the attack extended to customers or disrupted operations, but the scale and nature of the leaked data (employee PII) classify it as a significant internal data breach with potential financial and reputational repercussions for those affected.
TPRM report: https://www.rankiteo.com/company/empower-u-hr-services
"id": "emp041091825",
"linkid": "empower-u-hr-services",
"type": "Breach",
"date": "9/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '4,214 individuals',
'industry': 'Human Resources',
'name': 'EmPower HR',
'type': 'Organization'},
{'customers_affected': '1 resident (reported)',
'industry': 'Legal/Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government'}],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '4,214',
'personally_identifiable_information': ['Name',
'Social Security '
'Number'],
'sensitivity_of_data': 'High (includes SSN)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2020-12-21',
'date_publicly_disclosed': '2021-01-07',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving EmPower HR, where unauthorized access to '
'employee information occurred between September 29, 2020, and '
'October 30, 2020. The breach was identified on December 21, '
"2020, and affected one resident's name and Social Security "
'number, with a total of 4,214 individuals potentially '
'impacted.',
'impact': {'data_compromised': ['Name', 'Social Security Number'],
'identity_theft_risk': 'High (SSN exposed)'},
'initial_access_broker': {'high_value_targets': ['Employee PII']},
'investigation_status': 'Disclosed (2021-01-07)',
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine AG '
'office'},
'title': 'EmPower HR Data Breach (2020)',
'type': 'Data Breach'}