The Maine Office of the Attorney General reported that Goodspeed & Merrill experienced a phishing incident between March 23, 2020, and August 28, 2020, involving unauthorized access to employee email accounts. The breach potentially compromised the Social Security number of one Maine resident and affected a total of 751 individuals. Written notification was sent on January 22, 2021, and identity theft protection services were offered for one year through Kroll.
TPRM report: https://www.rankiteo.com/company/goodspeed-&-merrill-llc
"id": "goo102072625",
"linkid": "goodspeed-&-merrill-llc",
"type": "Breach",
"date": "3/2020",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 751,
'location': 'Maine',
'name': 'Goodspeed & Merrill',
'type': 'Company'}],
'attack_vector': 'Email',
'data_breach': {'number_of_records_exposed': 1,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security number']},
'date_publicly_disclosed': '2021-01-22',
'description': 'The Maine Office of the Attorney General reported that '
'Goodspeed & Merrill experienced a phishing incident involving '
'unauthorized access to employee email accounts.',
'impact': {'data_compromised': ['Social Security number'],
'identity_theft_risk': 'High',
'systems_affected': ['Employee email accounts']},
'initial_access_broker': {'entry_point': 'Email'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'response': {'communication_strategy': ['Written notification',
'Identity theft protection services '
'offered'],
'third_party_assistance': ['Kroll']},
'title': 'Goodspeed & Merrill Phishing Incident',
'type': 'Phishing',
'vulnerability_exploited': 'Human'}