Father Bill's & Mainspring

On July 31, 2020, Father Bill’s & Mainspring suffered a data breach triggered by a phishing attack, compromising an employee’s email account. The incident exposed sensitive personal and financial data of 1,168 individuals, including names, Social Security numbers, and financial account information. The unauthorized access posed risks of identity theft, financial fraud, and reputational harm. A substitute notice was issued to affected consumers on January 14, 2021, nearly six months after the breach, indicating potential delays in detection or disclosure. The breach underscored vulnerabilities in email security protocols and the broader implications of phishing as an entry point for cybercriminals targeting employee credentials to access confidential data.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/2fe6c10a-32bd-4754-a73f-4513426d3e36.shtml

TPRM report: https://www.rankiteo.com/company/father-bill's-&-mainspring

"id": "fat034090625",
"linkid": "father-bill's-&-mainspring",
"type": "Breach",
"date": "7/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 1168,
                        'industry': 'Social Services / Homeless Shelter',
                        'location': 'Massachusetts, USA',
                        'name': 'Father Bill’s & Mainspring',
                        'type': 'Non-Profit Organization'}],
 'attack_vector': 'Phishing',
 'customer_advisories': 'Substitute Notice Issued (January 14, 2021)',
 'data_breach': {'data_exfiltration': 'Possible (Unauthorized Access to Email '
                                      'Account)',
                 'number_of_records_exposed': 1168,
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Financial Data']},
 'date_detected': '2020-07-31',
 'date_publicly_disclosed': '2021-01-14',
 'description': 'The Maine Office of the Attorney General reported that Father '
                'Bill’s & Mainspring experienced a data breach due to a '
                'phishing attack on July 31, 2020, potentially affecting 1,168 '
                'individuals. The breach involved unauthorized access to an '
                'employee email account, resulting in the possible exposure of '
                'names, social security numbers, and financial account '
                'information. A substitute notice was issued to consumers on '
                'January 14, 2021.',
 'impact': {'data_compromised': ['Names',
                                 'Social Security Numbers',
                                 'Financial Account Information'],
            'identity_theft_risk': 'High (PII and Financial Data Exposed)',
            'payment_information_risk': 'High (Financial Account Information '
                                        'Exposed)',
            'systems_affected': ['Employee Email Account']},
 'initial_access_broker': {'entry_point': 'Employee Email Account (Phishing)'},
 'post_incident_analysis': {'root_causes': 'Phishing Attack Leading to '
                                           'Unauthorized Email Access'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Substitute Notice Issued to Consumers '
                                        '(January 14, 2021)'},
 'title': 'Father Bill’s & Mainspring Data Breach via Phishing Attack (2020)',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Human Error (Compromised Employee Email Account)'}