Gibbs & Cox, Inc. suffered a prolonged data breach between **March 2017 and December 2019**, where unauthorized actors gained access to their systems. The incident exposed sensitive personal information of **2,265 individuals**, including **77 Maine residents**. Compromised data included **Social Security numbers, names, and addresses**—highly sensitive details that could facilitate identity theft or financial fraud. The company responded by issuing **written notifications to affected individuals on November 16, 2020**, and offered **24 months of credit monitoring services via TransUnion** to mitigate potential harm. The breach’s extended duration (nearly **three years**) suggests persistent vulnerabilities in their security posture, raising concerns about the adequacy of their detection and response mechanisms. The exposure of **Social Security numbers**—a critical identifier—heightens the risk of long-term repercussions for victims, including fraudulent loans, tax filings, or other malicious activities exploiting stolen identities.
TPRM report: https://www.rankiteo.com/company/gibbs-cox-australia
"id": "gib549091725",
"linkid": "gibbs-cox-australia",
"type": "Breach",
"date": "3/2017",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 2265,
'industry': 'Naval Architecture / Marine Engineering',
'location': 'United States',
'name': 'Gibbs & Cox, Inc.',
'type': 'Private Company'}],
'customer_advisories': 'Written notifications sent (November 16, 2020) with '
'24 months of credit monitoring via TransUnion',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': 2265,
'personally_identifiable_information': ['Social Security '
'numbers',
'names',
'addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2020-11-16',
'description': 'The Maine Office of the Attorney General reported that Gibbs '
'& Cox, Inc. experienced a data breach involving unauthorized '
'access to their systems from March 2017 to December 2019, '
'which potentially affected 2,265 individuals, including 77 '
'Maine residents. The specific types of personal information '
'compromised included Social Security numbers, names, and '
'addresses. Written notifications were sent to affected '
'individuals on November 16, 2020, and credit monitoring '
'services were offered for 24 months through TransUnion.',
'impact': {'data_compromised': ['Social Security numbers',
'names',
'addresses'],
'identity_theft_risk': 'High (PII exposed)'},
'initial_access_broker': {'reconnaissance_period': 'March 2017 to December '
'2019'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Written notifications to affected '
'individuals (November 16, 2020)',
'third_party_assistance': 'TransUnion (credit monitoring '
'services)'},
'title': 'Gibbs & Cox, Inc. Data Breach (2017-2019)',
'type': 'Data Breach'}