Numerous organizations have been impacted by the latest Mailchimp data hack; some of them have already notified their customers.
To acquire access to a tool for internal assistance and account administration, threat actors targeted the company's workers and contractors.
The business also stated that there is no proof that this security compromise affected Intuit systems or any other customer data in addition to the 133 accounts that were reported.
Customers were warned by the business that some of their information, including name, URL, address, and email address, may have been compromised. Payment information, passwords, or any other sensitive information was not exposed, according to WooCommerce.
Source: https://securityaffairs.com/141203/data-breach/companies-impacted-by-mailchimp-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/mailchimp
"id": "int224981023",
"linkid": "mailchimp",
"type": "Data Leak",
"date": "01/2023",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 133,
'industry': 'Email Marketing',
'name': 'Mailchimp',
'type': 'Company'}],
'attack_vector': 'Phishing',
'customer_advisories': 'Customers were warned by the business that some of '
'their information, including name, URL, address, and '
'email address, may have been compromised.',
'data_breach': {'personally_identifiable_information': ['name',
'email address'],
'sensitivity_of_data': 'Low',
'type_of_data_compromised': ['name',
'URL',
'address',
'email address']},
'description': 'Numerous organizations have been impacted by the latest '
'Mailchimp data hack; some of them have already notified their '
"customers. Threat actors targeted the company's workers and "
'contractors to acquire access to a tool for internal '
'assistance and account administration. The business also '
'stated that there is no proof that this security compromise '
'affected Intuit systems or any other customer data in '
'addition to the 133 accounts that were reported. Customers '
'were warned by the business that some of their information, '
'including name, URL, address, and email address, may have '
'been compromised. Payment information, passwords, or any '
'other sensitive information was not exposed, according to '
'WooCommerce.',
'impact': {'data_compromised': ['name', 'URL', 'address', 'email address'],
'payment_information_risk': 'Low'},
'initial_access_broker': {'entry_point': 'Phishing'},
'motivation': 'Data Theft',
'post_incident_analysis': {'root_causes': 'Phishing attack targeting '
'employees and contractors'},
'response': {'communication_strategy': 'Customer notification'},
'title': 'Mailchimp Data Hack',
'type': 'Data Breach'}