On May 5, 2025, Farm Credit East, ACA experienced a data breach reported by the Vermont Attorney General's Office on May 15, 2025. The incident involved the inadvertent disclosure of a document containing sensitive personal information, specifically Social Security Numbers (SSNs), to an unauthorized recipient. The exact number of affected individuals remains undetermined as of the report. The breach stems from a procedural error where confidential data was misdirected, potentially exposing recipients to risks such as identity theft or financial fraud. While the scope of the exposure (e.g., whether the incorrect recipient was internal or external) is unclear, the inclusion of SSNs elevates the severity due to their high value in cybercriminal markets. The company has not disclosed whether additional protective measures, such as credit monitoring for affected parties, have been implemented. The incident highlights vulnerabilities in data-handling protocols, particularly in verifying recipient details before transmitting sensitive documents. No evidence suggests malicious intent (e.g., hacking or ransomware), but the unintentional disclosure of SSNs constitutes a significant privacy violation under regulatory frameworks like state breach notification laws.
Source: https://ago.vermont.gov/document/2025-05-15-farm-credit-east-data-breach-notice-consumers
TPRM report: https://www.rankiteo.com/company/farm-credit-east-aca
"id": "far231090125",
"linkid": "farm-credit-east-aca",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Agricultural Lending/Financial Services',
'location': 'Vermont, USA (HQ: Enfield, Connecticut)',
'name': 'Farm Credit East, ACA',
'type': 'Financial Services Cooperative'}],
'attack_vector': 'Human Error (Misdelivery of Sensitive Document)',
'data_breach': {'data_exfiltration': 'No (accidental disclosure to '
'unauthorized recipient)',
'file_types_exposed': ['Document (unspecified format)'],
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (SSNs included)',
'type_of_data_compromised': ['Social Security Numbers',
'Personal Information']},
'date_detected': '2025-05-05',
'date_publicly_disclosed': '2025-05-15',
'description': "The Vermont Attorney General's Office reported a data breach "
'involving Farm Credit East, ACA on May 15, 2025. The breach '
'occurred on or about May 5, 2025, when a document containing '
'personal information, including Social Security Numbers, was '
'inadvertently sent to an incorrect recipient. The number of '
'individuals affected is unknown.',
'impact': {'brand_reputation_impact': 'Potential (due to exposure of '
'sensitive PII)',
'data_compromised': ['Social Security Numbers'],
'identity_theft_risk': 'High (SSNs exposed)'},
'investigation_status': 'Disclosed (ongoing details unclear)',
'post_incident_analysis': {'root_causes': 'Human error (misdelivery of '
'sensitive document)'},
'references': [{'date_accessed': '2025-05-15',
'source': "Vermont Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Attorney '
"General's Office"]},
'response': {'communication_strategy': 'Public disclosure via Vermont '
"Attorney General's Office"},
'title': 'Farm Credit East, ACA Data Breach (May 2025)',
'type': 'Data Breach (Accidental Disclosure)'}