The Maine Office of the Attorney General disclosed a data breach at Fiondella, Milone & LaSaracina LLP, occurring between September 9–14, 2021, and reported on January 14, 2022. The incident stemmed from a hacking attack that exposed sensitive personal data of 111,837 individuals, including 216 Maine residents. The compromised information primarily included names and Social Security numbers (SSNs), heightening the risk of identity theft and fraud. In response, the firm offered identity theft protection services to affected individuals to mitigate potential harm. The breach underscored vulnerabilities in the company’s cybersecurity defenses, leading to unauthorized access to highly sensitive data. While no immediate financial losses or operational disruptions were reported, the exposure of SSNs a critical identifier for financial and governmental verification poses long-term risks for victims, including fraudulent account openings, credit damage, and impersonation. The incident highlights the severe consequences of third-party cyber intrusions on professional service firms, particularly those handling confidential client data, reinforcing the need for robust preventive measures, monitoring, and incident response protocols.
TPRM report: https://www.rankiteo.com/company/fml-cpas-fiondella-milone-lasaracina
"id": "fml037091825",
"linkid": "fml-cpas-fiondella-milone-lasaracina",
"type": "Breach",
"date": "9/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 111837,
'industry': 'Legal Services',
'name': 'Fiondella, Milone & LaSaracina LLP',
'type': 'Law Firm'},
{'customers_affected': 216,
'industry': 'Legal/Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government Agency'}],
'attack_vector': 'Hacking',
'customer_advisories': 'Identity theft protection services offered to '
'affected individuals',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': 111837,
'personally_identifiable_information': ['Names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2021-09-14',
'date_publicly_disclosed': '2022-01-14',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Fiondella, Milone & LaSaracina LLP on '
'January 14, 2022. The breach, which occurred between '
'September 9 and September 14, 2021, was due to a hacking '
'incident affecting a total of 111,837 individuals, including '
'216 Maine residents. The compromised information included '
'names and Social Security numbers, and identity theft '
'protection services were offered to the affected individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive personal data',
'data_compromised': ['Names', 'Social Security numbers'],
'identity_theft_risk': 'High (Social Security numbers '
'compromised)'},
'references': [{'date_accessed': '2022-01-14',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to Maine '
'Office of the Attorney '
'General'},
'response': {'recovery_measures': 'Identity theft protection services offered '
'to affected individuals'},
'title': 'Data Breach at Fiondella, Milone & LaSaracina LLP',
'type': 'Data Breach'}