The Washington State Office of the Attorney General disclosed a data breach affecting Made In Oregon, occurring between September 1, 2020, and February 28, 2021. The incident exposed sensitive personal and financial information of approximately 12,890 individuals, including 840 Washington residents. Compromised data included names, billing/shipping addresses, email addresses, and credit card details, raising significant concerns over financial fraud and identity theft risks. The breach highlights vulnerabilities in the company’s data protection measures, potentially leading to unauthorized transactions, phishing attacks targeting affected customers, and reputational damage. While the exact method of compromise (e.g., phishing, system exploitation) was not specified, the exposure of payment card data aligns with patterns seen in financially motivated cyberattacks. Customers may face fraudulent charges, while the company could incur regulatory penalties, legal costs, and erosion of trust. The scale and nature of the leaked data suggest a high-risk scenario for both individuals and the organization, though no evidence of ransomware or broader systemic disruption was reported.
TPRM report: https://www.rankiteo.com/company/made-in-oregon
"id": "mad732082025",
"linkid": "made-in-oregon",
"type": "Breach",
"date": "9/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 12890,
'industry': 'Retail / E-commerce',
'location': 'Oregon, USA (affecting Washington '
'residents)',
'name': 'Made In Oregon',
'type': 'Retail Company'},
{'customers_affected': 840,
'location': 'Washington, USA',
'name': 'Washington State Residents',
'type': 'Individuals'}],
'data_breach': {'data_exfiltration': 'Likely (data accessed by unauthorized '
'parties)',
'number_of_records_exposed': 12890,
'personally_identifiable_information': ['Names',
'Billing addresses',
'Shipping addresses',
'Email addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Information']},
'date_publicly_disclosed': '2021-06-22',
'description': 'The Washington State Office of the Attorney General reported '
'a data breach involving Made In Oregon. The breach occurred '
'between September 1, 2020, and February 28, 2021, potentially '
'affecting 840 Washington residents and around 12,890 '
'individuals in total. The compromised data included names, '
'billing addresses, shipping addresses, email addresses, and '
'credit card information.',
'impact': {'data_compromised': ['Names',
'Billing addresses',
'Shipping addresses',
'Email addresses',
'Credit card information'],
'identity_theft_risk': 'High (PII and payment data exposed)',
'payment_information_risk': 'High (credit card information '
'exposed)'},
'references': [{'date_accessed': '2021-06-22',
'source': 'Washington State Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Washington State '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via Washington '
'State Office of the Attorney General'},
'title': 'Made In Oregon Data Breach (2020-2021)',
'type': 'Data Breach'}