GoHenry, a financial services company providing debit cards and financial education for children, experienced a security incident where unauthorized access was gained to certain customer profiles between September 19, 2022, and October 13, 2022. The breach was later confirmed on April 3, 2023, revealing that the personal information of 23 Maine residents had been accessed. The exposed data included names and GoHenry card details, though no further specifics (e.g., financial transactions, passwords, or broader customer base impact) were disclosed. Affected individuals were notified via mailed letters starting May 8, 2023. The incident highlights a targeted compromise of customer data, raising concerns over potential fraud or misuse of payment card information. While the scope appears limited to a subset of users in Maine, the exposure of card-related data poses risks of financial fraud or identity theft. The delayed disclosure (nearly 7 months after the initial breach period) further underscores challenges in detection and response. No evidence suggests ransomware or systemic operational disruption, but the breach underscores vulnerabilities in customer data protection within fintech platforms catering to minors.
TPRM report: https://www.rankiteo.com/company/gohenry
"id": "goh300082125",
"linkid": "gohenry",
"type": "Breach",
"date": "9/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '23 (Maine residents)',
'industry': 'Fintech',
'name': 'GoHenry',
'type': 'Financial Services (Prepaid Debit Cards for '
'Kids)'},
{'industry': 'Public Sector',
'location': 'Maine, USA',
'name': "Maine Attorney General's Office",
'type': 'Government / Regulatory Body'}],
'customer_advisories': 'Notification letters mailed to affected residents '
'starting May 8, 2023',
'data_breach': {'data_exfiltration': 'Confirmed (data was accessed)',
'number_of_records_exposed': '23',
'personally_identifiable_information': ['Names'],
'sensitivity_of_data': 'High (includes names and card '
'details)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Information']},
'date_detected': '2022-10-13',
'date_publicly_disclosed': '2023-04-03',
'description': "The Maine Attorney General's Office reported that GoHenry "
'experienced unauthorized access to certain customer profiles '
'between September 19, 2022, and October 13, 2022. On April 3, '
'2023, it was confirmed that the personal information of 23 '
'Maine residents was accessed, including names and GoHenry '
'card information. Notification letters were mailed to '
'affected residents starting May 8, 2023.',
'impact': {'data_compromised': ['names', 'GoHenry card information'],
'identity_theft_risk': 'Potential (due to exposed PII)',
'payment_information_risk': 'Potential (GoHenry card information '
'exposed)'},
'investigation_status': 'Confirmed (as of April 3, 2023)',
'references': [{'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Attorney '
"General's Office "
'notified; letters sent '
'to affected residents '
'as per regulatory '
'requirements'},
'response': {'communication_strategy': 'Notification letters mailed to '
'affected residents starting May 8, '
'2023'},
'title': 'Unauthorized Access to GoHenry Customer Profiles',
'type': 'Data Breach / Unauthorized Access'}