NESCTC reported a data breach to the Attorney General of Massachusetts, revealing that a cybersecurity attack occurred around April 14, 2025. The investigation confirmed unauthorized access to its network, exposing sensitive personal identifiable information (PII) of individuals. The compromised data includes names, Social Security numbers, addresses, dates of birth, driver’s license numbers, and financial account numbers. The breach impacted varying sets of personal data per individual, with NESCTC initiating a review to identify affected parties. On November 11, 2025, the company began mailing notification letters to victims, offering complimentary credit monitoring services as a remedial measure. The incident underscores a severe compromise of customer PII, posing risks of identity theft, financial fraud, and reputational harm. The breach notice was formally filed with Massachusetts authorities, highlighting the regulatory and operational consequences of the attack.
Source: https://straussborrelli.com/2025/11/14/nesctc-security-agency-data-breach-investigation/
TPRM report: https://www.rankiteo.com/company/nesctc
"id": "nes5393153111525",
"linkid": "nesctc",
"type": "Cyber Attack",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'location': 'Massachusetts, USA', 'name': 'NESCTC'}],
'customer_advisories': 'Notification letters mailed to impacted individuals '
'on 2025-11-11, including details of exposed PII and '
'credit monitoring services',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'confirmed)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Address',
'Date of birth',
'Driver’s license '
'number'],
'sensitivity_of_data': 'High (includes SSN, financial account '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial data']},
'date_detected': '2025-04-14',
'date_publicly_disclosed': '2025-11-11',
'description': 'NESCTC reported a data breach to the Attorney General of the '
'Commonwealth of Massachusetts, where sensitive personal '
'identifiable information (PII) may have been compromised. The '
'breach was discovered on or around April 14, 2025, and '
'involved unauthorized access to PII such as names, Social '
'Security numbers, addresses, dates of birth, driver’s license '
'numbers, and financial account numbers. Notification letters '
'were mailed to affected individuals on November 11, 2025, '
'offering complimentary credit monitoring services.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive PII',
'data_compromised': ['Name',
'Social Security number',
'Address',
'Date of birth',
'Driver’s license number',
'Financial account number'],
'identity_theft_risk': 'High (PII including SSN, financial data '
'exposed)',
'payment_information_risk': 'High (financial account numbers '
'exposed)'},
'investigation_status': 'Completed (data review ongoing to identify specific '
'individuals affected)',
'references': [{'source': 'Attorney General of the Commonwealth of '
'Massachusetts - Breach Notice'}],
'regulatory_compliance': {'regulatory_notifications': 'Breach reported to the '
'Attorney General of '
'the Commonwealth of '
'Massachusetts'},
'response': {'communication_strategy': 'Notification letters mailed to '
'impacted individuals on 2025-11-11; '
'breach notice filed with the Attorney '
'General of Massachusetts',
'incident_response_plan_activated': True,
'recovery_measures': 'Complimentary credit monitoring services '
'offered to affected individuals'},
'threat_actor': 'Unauthorized third party',
'title': 'NESCTC Data Breach',
'type': 'Data Breach'}