On April 2, 2025, the Maine Office of the Attorney General disclosed a data breach involving Gilead Sciences, Inc., stemming from an inadvertent mailing error by Billing Document Specialists. The incident, detected on February 18, 2025, resulted in the unauthorized disclosure of sensitive personal information specifically Social Security numbers of 12,224 individuals, including 4 residents in California. The breach occurred due to a procedural failure in handling physical mail, leading to the exposure of confidential financial identifiers without evidence of malicious cyber activity or further exploitation. While the exposed data carries high sensitivity, there were no reports of identity theft, financial fraud, or systemic compromise linked to the incident. The company likely initiated remediation measures, such as notifications to affected parties and regulatory bodies, but the breach’s scope remained contained to document mishandling rather than a targeted cyberattack or systemic vulnerability exploitation.
TPRM report: https://www.rankiteo.com/company/gilead-sciences
"id": "gil957091725",
"linkid": "gilead-sciences",
"type": "Breach",
"date": "2/2025",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '12,224 individuals (including 4 '
'residents in California)',
'industry': 'Biopharmaceutical',
'location': 'United States',
'name': 'Gilead Sciences, Inc.',
'type': 'Corporation'},
{'industry': 'Document Processing',
'name': 'Billing Document Specialists',
'type': 'Third-Party Vendor'}],
'attack_vector': 'Human Error (Mailing Error)',
'data_breach': {'data_exfiltration': 'No (inadvertent disclosure via mailing '
'error)',
'number_of_records_exposed': '12,224',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (Personally Identifiable '
'Information)',
'type_of_data_compromised': ['Social Security numbers']},
'date_detected': '2025-02-18',
'date_publicly_disclosed': '2025-04-02',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Gilead Sciences, Inc. The breach occurred '
"due to an inadvertent disclosure of 12,224 individuals' "
'information, including Social Security numbers, through a '
'mailing error by Billing Document Specialists. The incident '
'affected 4 residents in California.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive personal data',
'data_compromised': ['Social Security numbers'],
'identity_theft_risk': 'High (due to exposure of Social Security '
'numbers)'},
'post_incident_analysis': {'root_causes': 'Human error by third-party vendor '
'(Billing Document Specialists) '
'leading to inadvertent disclosure '
'of sensitive data via mail.'},
'references': [{'date_accessed': '2025-04-02',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': 'Gilead Sciences, Inc. Data Breach via Mailing Error',
'type': 'Data Breach'}