The Vermont Office of the Attorney General reported that the Institute for Functional Medicine experienced a data breach where an attacker obtained an employee's password and potentially intercepted purchase information between May 22 and May 29, 2024. The compromised personal information may have included cardholder name and address, phone number, card number, expiration date and CVV, and information about the services purchased. The breach was reported on July 23, 2024.
TPRM report: https://www.rankiteo.com/company/institute-for-functional-medicine
"id": "ins304072625",
"linkid": "institute-for-functional-medicine",
"type": "Breach",
"date": "5/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Healthcare',
'name': 'Institute for Functional Medicine',
'type': 'Organization'}],
'attack_vector': 'Compromised Credentials',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Payment Information']},
'date_publicly_disclosed': '2024-07-23',
'description': "An attacker obtained an employee's password and potentially "
'intercepted purchase information between May 22 and May 29, '
'2024. The compromised personal information may have included '
'cardholder name and address, phone number, card number, '
'expiration date and CVV, and information about the services '
'purchased.',
'impact': {'data_compromised': ['Cardholder name and address',
'Phone number',
'Card number',
'Expiration date',
'CVV',
'Information about services purchased'],
'payment_information_risk': True},
'initial_access_broker': {'entry_point': 'Compromised Employee Password'},
'references': [{'date_accessed': '2024-07-23',
'source': 'Vermont Office of the Attorney General'}],
'title': 'Data Breach at Institute for Functional Medicine',
'type': 'Data Breach',
'vulnerability_exploited': 'Weak Password Security'}