The California Office of the Attorney General disclosed a data breach at Mechanics Bank (operating as CRB Auto) on February 14, 2020, stemming from the improper disposal of a hard drive containing customer loan documentation. The device, which was not securely erased or removed during computer disposal, exposed sensitive financial records. The breach was formally reported on August 28, 2020, though the exact number of affected individuals remains undisclosed. The incident highlights negligence in data sanitization protocols, risking unauthorized access to personal and financial information tied to loan agreements. While no evidence of malicious exploitation was confirmed, the exposure of such data poses potential threats to customer privacy, financial security, and regulatory compliance. The delay in reporting—spanning over six months—further compounds concerns about transparency and incident response efficiency.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-193553
TPRM report: https://www.rankiteo.com/company/mymechanics.com
"id": "mym013091825",
"linkid": "mymechanics.com",
"type": "Breach",
"date": "2/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Banking/Automotive Financing',
'location': 'California, USA',
'name': 'Mechanics Bank (operating as CRB Auto)',
'type': 'Financial Institution'}],
'data_breach': {'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Likely (loan '
'documentation '
'typically includes '
'PII)',
'sensitivity_of_data': 'High (loan documents likely contain '
'PII)',
'type_of_data_compromised': 'Customer loan documentation'},
'date_detected': '2020-02-14',
'date_publicly_disclosed': '2020-08-28',
'description': 'The California Office of the Attorney General reported that '
'Mechanics Bank, operating as CRB Auto, experienced a data '
'breach on February 14, 2020, involving a hard drive '
'containing customer loan documentation that was mistakenly '
'not removed during computer disposal. The breach was reported '
'on August 28, 2020, but the specific number of affected '
'individuals is unknown.',
'impact': {'brand_reputation_impact': 'Potential (due to public disclosure of '
'breach)',
'data_compromised': True,
'identity_theft_risk': 'Potential (customer loan documentation '
'exposed)'},
'investigation_status': 'Reported; further details unknown',
'post_incident_analysis': {'root_causes': 'Improper disposal of hardware '
'containing sensitive customer data '
'(failure in data '
'sanitization/destruction '
'procedures)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California Consumer '
'Privacy Act (CCPA)',
'Potential violation of '
'Gram-Leach-Bliley Act '
'(GLBA) Safeguards Rule'],
'regulatory_notifications': 'Reported to California '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Mechanics Bank (CRB Auto) Data Breach via Improper Hard Drive '
'Disposal',
'type': 'Data Breach (Physical/Improper Disposal)',
'vulnerability_exploited': 'Improper disposal of hardware containing '
'sensitive data'}