On March 30, 2021, McCabe & Associates experienced a data breach due to a credential compromise via phishing, exposing sensitive personal and financial information of five Maine residents. The compromised data included names, financial account numbers, and Social Security numbers highly sensitive details that could facilitate identity theft or financial fraud. The breach was reported to the Maine Office of the Attorney General on July 2, 2021, nearly three months after the incident. In response, the company offered affected individuals 12 months of credit monitoring and identity restoration services through Equifax to mitigate potential harm. The breach highlights vulnerabilities in credential security and the risks of phishing attacks targeting employee access, leading to unauthorized exposure of personally identifiable information (PII). While the scale of affected individuals was limited (five residents), the nature of the leaked data particularly Social Security numbers and financial account details poses significant long-term risks for identity theft, financial fraud, and reputational damage to both the individuals and the company.
TPRM report: https://www.rankiteo.com/company/mccabe-duval---associates
"id": "mcc547091725",
"linkid": "mccabe-duval---associates",
"type": "Breach",
"date": "3/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 5,
'name': 'McCabe & Associates',
'type': 'Organization'}],
'attack_vector': 'Phishing (Credential Compromise)',
'customer_advisories': '12 months of credit monitoring and identity '
'restoration services offered to affected individuals '
'via Equifax',
'data_breach': {'number_of_records_exposed': 5,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2021-03-30',
'date_publicly_disclosed': '2021-07-02',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving McCabe & Associates on July 2, 2021. The '
'breach occurred on March 30, 2021, due to a credential '
"compromise via phishing, affecting 5 Maine residents' "
'information which included names, financial account numbers, '
'and Social Security numbers. McCabe & Associates has offered '
'affected individuals 12 months of credit monitoring and '
'identity restoration services through Equifax.',
'impact': {'data_compromised': ['Names',
'Financial Account Numbers',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (Financial account numbers '
'exposed)'},
'initial_access_broker': {'entry_point': 'Phishing (Credential Compromise)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'third_party_assistance': 'Equifax (Credit Monitoring & Identity '
'Restoration Services)'},
'title': 'Data Breach at McCabe & Associates via Phishing Attack',
'type': 'Data Breach'}