Mount Hood Meadows Oregon, LLC

In March 2023, Mount Hood Meadows Oregon, LLC experienced a data breach where unauthorized actors gained access to its systems between March 9 and March 12, 2023. The incident exposed sensitive customer information for individuals who made purchases between February 21 and March 14, 2023. Compromised data includes first names, last names, mailing addresses, and credit card payment details, raising concerns over potential financial fraud and identity theft risks. The breach was publicly disclosed by the Vermont Office of the Attorney General on October 27, 2023, though the full scope of misuse such as whether the stolen data was sold or exploited remains unclear. The incident highlights vulnerabilities in payment processing systems and underscores the need for stronger cybersecurity measures to protect customer financial data from exploitation by cybercriminals.

Source: https://ago.vermont.gov/document/2023-10-27-mt-hood-meadows-oregon-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/mt-hood-meadows-ski-resort

"id": "mt-1010091725",
"linkid": "mt-hood-meadows-ski-resort",
"type": "Breach",
"date": "3/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Users who made purchases '
                                              'between February 21, 2023 and '
                                              'March 14, 2023',
                        'industry': 'Hospitality/Recreation',
                        'location': 'Oregon, USA',
                        'name': 'Mount Hood Meadows Oregon, LLC',
                        'type': 'Private Company'}],
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
                 'personally_identifiable_information': ['first names',
                                                         'last names',
                                                         'mailing addresses'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Identifiable '
                                              'Information (PII)',
                                              'Payment Card Information']},
 'date_publicly_disclosed': '2023-10-27',
 'description': 'The Vermont Office of the Attorney General reported a data '
                'breach involving Mount Hood Meadows Oregon, LLC. The '
                'unauthorized access occurred between March 9 and March 12, '
                '2023, potentially affecting users who made purchases between '
                'February 21, 2023 and March 14, 2023. The compromised '
                "information may include customers' first names, last names, "
                'mailing addresses, and credit card payment information.',
 'impact': {'data_compromised': ['first names',
                                 'last names',
                                 'mailing addresses',
                                 'credit card payment information'],
            'identity_theft_risk': 'High (PII and payment data exposed)',
            'payment_information_risk': 'High (credit card data exposed)'},
 'references': [{'date_accessed': '2023-10-27',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Vermont Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via Vermont Office '
                                        'of the Attorney General'},
 'title': 'Data Breach at Mount Hood Meadows Oregon, LLC',
 'type': 'Data Breach'}