On November 21, 2016, Ondracek & Company suffered a data breach that went undetected until February 6, 2017, and was officially reported on March 13, 2017. The incident involved unauthorized access through Remote Desktop Protocol (RDP), a common vector for cyber intrusions. The breach resulted in the compromise of highly sensitive personal and financial information, including names, Social Security numbers (SSNs), and bank account details of an unspecified number of individuals. Such data exposure poses severe risks, including identity theft, financial fraud, and long-term reputational harm to both the affected individuals and the company. The delayed discovery nearly three months after the initial breach further exacerbates the potential damage, as malicious actors may have had prolonged access to exploit the stolen data. The nature of the compromised information (SSNs and bank details) suggests a high-stakes incident with lasting consequences for victims, potentially leading to fraudulent transactions, credit damage, or phishing attacks targeting the exposed individuals.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-66889
TPRM report: https://www.rankiteo.com/company/ing-michal-ondracek
"id": "ing759090625",
"linkid": "ing-michal-ondracek",
"type": "Breach",
"date": "11/2016",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'customers_affected': 'Unknown',
'location': 'California, USA',
'name': 'Ondracek & Company',
'type': 'Company'}],
'attack_vector': 'Remote Desktop Protocol (RDP)',
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2017-02-06',
'date_publicly_disclosed': '2017-03-13',
'description': 'The California Office of the Attorney General reported that '
'Ondracek & Company experienced a data breach on November 21, '
'2016, which was discovered on February 6, 2017 and reported '
'on March 13, 2017. The breach involved unauthorized access '
'via Remote Desktop Protocol and compromised information such '
'as names, Social Security numbers, and bank account '
'information for an unknown number of individuals.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'bank account information'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (bank account information '
'exposed)'},
'initial_access_broker': {'entry_point': 'Remote Desktop Protocol (RDP)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'communication_strategy': 'Reported to California Office of the '
'Attorney General'},
'title': 'Ondracek & Company Data Breach (2016-2017)',
'type': 'Data Breach'}