Financial Dimensions Group, Inc, a company registered with Royal Alliance suffered a data breach that affected the Royal Alliance Clients.
The breach compromised the names, addresses, dates of birth, driver’s license numbers, financial account numbers, Social Security numbers, and other information belonging to certain clients.
Though Royal Alliance secured its email environment and then launched an internal investigation and also sent out data breach letters to all affected parties.
However, an unauthorized party had already gained access to an employee’s email account and emails and attachments within that account contained sensitive client information.
Source: https://www.jdsupra.com/legalnews/financial-dimensions-group-inc-3919344/
TPRM report: https://scoringcyber.rankiteo.com/company/financial-dimensions
"id": "fin222431122",
"linkid": "financial-dimensions",
"type": "Breach",
"date": "10/2022",
"severity": "80",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'name': 'Royal Alliance Clients',
'type': 'Clients'}],
'attack_vector': 'Email Account Compromise',
'customer_advisories': 'Data breach letters',
'data_breach': {'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Driver’s License Numbers',
'Financial Account Numbers',
'Social Security Numbers',
'Other Information']},
'description': 'Financial Dimensions Group, Inc, a company registered with '
'Royal Alliance suffered a data breach that affected the Royal '
'Alliance Clients. The breach compromised the names, '
'addresses, dates of birth, driver’s license numbers, '
'financial account numbers, Social Security numbers, and other '
'information belonging to certain clients. Though Royal '
'Alliance secured its email environment and then launched an '
'internal investigation and also sent out data breach letters '
'to all affected parties. However, an unauthorized party had '
'already gained access to an employee’s email account and '
'emails and attachments within that account contained '
'sensitive client information.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Driver’s License Numbers',
'Financial Account Numbers',
'Social Security Numbers',
'Other Information'],
'systems_affected': 'Email Environment'},
'initial_access_broker': {'entry_point': 'Email Account'},
'investigation_status': 'Ongoing',
'post_incident_analysis': {'root_causes': "Unauthorized access to employee's "
'email account'},
'response': {'communication_strategy': 'Data breach letters to all affected '
'parties',
'containment_measures': 'Secured its email environment',
'recovery_measures': 'Sent out data breach letters to all '
'affected parties',
'remediation_measures': 'Launched an internal investigation'},
'threat_actor': 'Unauthorized Party',
'title': 'Financial Dimensions Group Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Unauthorized access to email account'}