Ernest Packaging Solutions

The California Office of the Attorney General disclosed a data breach affecting Ernest Packaging Solutions in July 2022. The incident stemmed from unauthorized access to the company’s client portal, with the intrusion originating on May 19, 2022. The breach exposed sensitive customer data, including names, addresses, email addresses, phone numbers, and order history information. While the full scope of the compromise remains undisclosed, the exposed data could enable targeted phishing, identity fraud, or reputational harm to affected individuals. The breach highlights vulnerabilities in the company’s portal security, raising concerns over third-party access controls and monitoring protocols. No evidence suggests financial data (e.g., payment details) or employee records were impacted, but the leak of personal and transactional information poses risks of downstream exploitation, such as spear-phishing campaigns or unauthorized account access. The incident underscores the broader trend of supply chain attacks, where threat actors exploit vendor portals to harvest customer data. Ernest Packaging Solutions has not publicly confirmed whether the breach resulted from a cyber attack, unpatched vulnerability, or insider negligence, but the prolonged undetected access (over a month) suggests potential gaps in intrusion detection or log analysis. Regulatory scrutiny and customer notifications followed, though the long-term operational or financial repercussions for the company remain unclear.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-554891

TPRM report: https://www.rankiteo.com/company/ernest-packaging-solutions

"id": "ern1008091725",
"linkid": "ernest-packaging-solutions",
"type": "Breach",
"date": "5/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Packaging Solutions',
                        'location': 'California, USA',
                        'name': 'Ernest Packaging Solutions',
                        'type': 'Company'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'Moderate',
                 'type_of_data_compromised': ['Personal Information',
                                              'Order History']},
 'date_publicly_disclosed': '2022-07-04',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Ernest Packaging Solutions. The breach '
                'involved unauthorized access to the client portal, '
                'potentially exposing customer names, addresses, email '
                'addresses, phone numbers, and order history information.',
 'impact': {'data_compromised': ['Customer names',
                                 'Addresses',
                                 'Email addresses',
                                 'Phone numbers',
                                 'Order history information'],
            'systems_affected': ['Client portal']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'title': 'Data Breach at Ernest Packaging Solutions',
 'type': 'Data Breach'}

Ernest Packaging Solutions

OCAD University, UBC and SFU: Cyberattack hits universities around the world including Canada

McHenry County College, Instructure, Inc. and Woodstock School District 200: Canvas cyberattack hits McHenry County school districts

Canvas: Lake Land College Among Those Hit In Nationwide Data Breach