The Vermont Office of the Attorney General disclosed a data breach at Epic Management, detected on September 2, 2021, but reported publicly on December 14, 2022. The incident involved unauthorized access to the company’s email environment, where attackers exploited vulnerabilities to infiltrate certain files. While the breach exposed personal information, including names, the exact scope of affected individuals remains undetermined. The attack did not explicitly confirm theft of sensitive data beyond basic identifiers, nor did it result in financial fraud, operational disruption, or broader systemic harm. However, the exposure of personal details—even if limited—poses reputational risks and potential phishing or identity-based threats for affected parties. The delayed discovery (over a year between breach and reporting) further amplifies concerns about incident response effectiveness and data protection protocols. No evidence suggests ransomware, large-scale financial loss, or critical infrastructure compromise. The primary impact revolves around unauthorized access to non-financial personal data, with no confirmed misuse at the time of disclosure.
Source: https://ago.vermont.gov/document/2022-12-14-epic-management-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/epic-management-inc
"id": "epi546091725",
"linkid": "epic-management-inc",
"type": "Breach",
"date": "9/2021",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'unknown',
'name': 'Epic Management',
'type': 'Organization'}],
'data_breach': {'number_of_records_exposed': 'unknown',
'personally_identifiable_information': ['names'],
'type_of_data_compromised': ['personal information (names)']},
'date_detected': '2021-09-02',
'date_publicly_disclosed': '2022-12-14',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach incident involving Epic Management on December 14, '
'2022. The breach was discovered on September 2, 2021, when '
"unusual activity was detected in Epic's digital environment, "
'leading to unauthorized access to certain files within its '
'email tenant. The breach potentially affected personal '
'information including names, but the exact number of '
'individuals affected is unknown.',
'impact': {'data_compromised': ['names'],
'identity_theft_risk': 'potential',
'systems_affected': ['email tenant']},
'references': [{'date_accessed': '2022-12-14',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'title': 'Data Breach at Epic Management',
'type': 'Data Breach'}