Fortress Biotech, Inc.

Fortress Biotech, Inc. suffered a data breach on August 25, 2021, triggered by a phishing attack that exposed sensitive personal and financial information of 1,800 individuals. The compromised data included names, dates of birth, Social Security numbers, driver’s license numbers, and financial account details highly valuable targets for identity theft, financial fraud, and further cyber exploitation.The breach stemmed from a successful phishing campaign, likely exploiting human error to gain unauthorized access to internal systems. Given the nature of the stolen data, affected individuals face heightened risks of fraudulent account openings, credit damage, and long-term identity misuse. The incident underscores vulnerabilities in Fortress Biotech’s employee awareness training and email security protocols, as phishing remains a dominant vector for data exfiltration.While the breach did not involve ransomware or systemic operational disruption, the scale and sensitivity of the leaked data particularly SSNs and financial records elevate its severity. Such exposures often lead to regulatory scrutiny, reputational harm, and potential legal liabilities, especially under data protection laws like HIPAA or state-level breach notification statutes. The company’s response (e.g., notification delays, remediation efforts) could further influence public trust and financial repercussions.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/842488bc-6e99-4761-9c02-f18c8ba9fdcb.shtml

TPRM report: https://www.rankiteo.com/company/fortress-biotech

"id": "for1022090725",
"linkid": "fortress-biotech",
"type": "Breach",
"date": "8/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 1800,
                        'industry': 'Biotechnology/Pharmaceuticals',
                        'name': 'Fortress Biotech, Inc.',
                        'type': 'Corporation'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': 1800,
                 'personally_identifiable_information': ['names',
                                                         'dates of birth',
                                                         'Social Security '
                                                         'numbers',
                                                         "driver's license "
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['PII (Personally Identifiable '
                                              'Information)',
                                              'Financial Data']},
 'date_detected': '2021-08-25',
 'description': 'The Maine Office of the Attorney General reported that '
                'Fortress Biotech, Inc. experienced a data breach on August '
                '25, 2021, due to a phishing attack affecting 1,800 '
                'individuals. The potentially compromised information included '
                "names, dates of birth, Social Security numbers, driver's "
                'license numbers, and financial account information.',
 'impact': {'data_compromised': ['names',
                                 'dates of birth',
                                 'Social Security numbers',
                                 "driver's license numbers",
                                 'financial account information'],
            'identity_theft_risk': 'High',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Phishing'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'title': 'Fortress Biotech, Inc. Data Breach (2021)',
 'type': 'Data Breach'}