The California Office of the Attorney General disclosed a data breach affecting Grellas Shah LLP, occurring between December 20, 2021, and March 28, 2022. The incident stemmed from unauthorized access to employee email accounts, exposing sensitive personal information, including Social Security numbers and financial account details. While the exact number of affected individuals was not specified, the breach posed significant risks of identity theft, financial fraud, and reputational harm. The compromised data primarily involved employee-related information, though the potential spillover to clients or third parties could not be ruled out. The firm likely faced regulatory scrutiny, legal liabilities, and the need for remediation measures such as credit monitoring for affected parties. The breach underscored vulnerabilities in email security protocols and the critical need for robust cybersecurity frameworks to prevent similar incidents in legal and professional services firms.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-556836
TPRM report: https://www.rankiteo.com/company/grellas-shah-llp
{
  "id": "gre549091725",
  "linkid": "grellas-shah-llp",
  "type": "Breach",
  "date": "12/2021",
  "severity": "60",
  "impact": "3",
  "explanation": "Attack with significant impact with internal employee data leaks"
}
{'affected_entities': [{'industry': 'Legal Services',
                        'location': 'California, USA',
                        'name': 'Grellas Shah LLP',
                        'type': 'Law Firm'}],
 'attack_vector': 'Unauthorized Access (Email Account Compromise)',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access to email accounts)',
                 'personally_identifiable_information': ['Social Security numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable Information (PII)',
                                              'Financial Information']},
 'date_publicly_disclosed': '2022-09-01',
 'description': 'The California Office of the Attorney General reported a data breach involving Grellas Shah LLP on September 1, 2022. The breach occurred between December 20, 2021, and March 28, 2022, due to unauthorized access to certain employee email accounts, potentially affecting personal information such as Social Security numbers and financial account information.',
 'impact': {'data_compromised': ['Social Security numbers',
                                 'financial account information'],
            'identity_theft_risk': 'High (PII exposed)',
            'payment_information_risk': 'High (financial account information exposed)',
            'systems_affected': ['employee email accounts']},
 'initial_access_broker': {'entry_point': 'Employee email accounts'},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['Potential violation of California data breach notification laws (e.g., CCPA)'],
                           'regulatory_notifications': ['California Office of the Attorney General']},
 'title': 'Data Breach at Grellas Shah LLP',
 'type': 'Data Breach'}