The California Office of the Attorney General disclosed a ransomware attack targeting Woods & Woods, LLC on January 15, 2020, reported publicly on March 11, 2020. The incident resulted in the potential exposure of highly sensitive personal and financial data, including names, addresses, dates of birth, Social Security numbers, medical records, and bank account details of affected individuals. The breach posed severe risks to victims, including identity theft, financial fraud, and unauthorized access to medical histories, given the breadth of compromised information. The attack’s nature ransomware suggests malicious actors encrypted critical systems, likely demanding payment for data restoration, while simultaneously exfiltrating confidential records. The scale and sensitivity of the leaked data indicate a direct threat to the privacy and security of customers, with long-term reputational and legal repercussions for the firm. The incident underscores the vulnerability of organizations handling personally identifiable information (PII) and protected health information (PHI) to sophisticated cyber threats.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-188145
TPRM report: https://www.rankiteo.com/company/lg-enchanted-woods-llc
"id": "lg-559091725",
"linkid": "lg-enchanted-woods-llc",
"type": "Ransomware",
"date": "1/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'legal services',
'location': 'California, USA',
'name': 'Woods & Woods, LLC',
'type': 'law firm'}],
'data_breach': {'personally_identifiable_information': ['names',
'addresses',
'dates of birth',
'Social Security '
'numbers'],
'sensitivity_of_data': 'high',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'financial information']},
'date_detected': '2020-01-15',
'date_publicly_disclosed': '2020-03-11',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Woods & Woods, LLC on March 11, 2020. The '
'breach occurred on January 15, 2020, due to a ransomware '
'attack that potentially exposed names, addresses, dates of '
'birth, Social Security numbers, medical information, and bank '
'account information of affected individuals.',
'impact': {'data_compromised': ['names',
'addresses',
'dates of birth',
'Social Security numbers',
'medical information',
'bank account information'],
'identity_theft_risk': 'high',
'payment_information_risk': 'high'},
'references': [{'date_accessed': '2020-03-11',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Consumer '
'Privacy Act (CCPA)',
'Health Insurance '
'Portability and '
'Accountability Act '
'(HIPAA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at Woods & Woods, LLC Due to Ransomware Attack',
'type': ['data breach', 'ransomware attack']}