On September 14, 2022, One Stop Financial Services experienced a data breach due to unauthorized access to an employee’s email account. The incident, reported on January 9, 2024, by the Maine Office of the Attorney General, exposed sensitive personal and financial information of 1,179 individuals, including names, Social Security numbers, and financial account numbers. The breach posed a significant risk of identity theft and financial fraud, prompting the company to offer 24 months of identity theft protection services through Equifax to affected individuals. The compromised data, which included highly sensitive identifiers, heightened concerns over potential misuse for fraudulent activities, reputational damage, and long-term financial harm to the victims. The breach underscored vulnerabilities in email security protocols and the broader implications of third-party access to confidential customer data.
TPRM report: https://www.rankiteo.com/company/one-stop-tax-financial-services
"id": "one727082025",
"linkid": "one-stop-tax-financial-services",
"type": "Breach",
"date": "9/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,179 individuals',
'industry': 'Financial Services',
'name': 'One Stop Financial Services',
'type': 'Financial Services Provider'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': '24 months of identity theft protection services '
'offered via Equifax',
'data_breach': {'number_of_records_exposed': '1,179',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs and financial '
'account numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2022-09-14',
'date_publicly_disclosed': '2024-01-09',
'description': 'Unauthorized access to an employee email account at One Stop '
'Financial Services was identified on September 14, 2022, '
'potentially compromising sensitive personal and financial '
'information of 1,179 individuals. The breach was reported to '
'the Maine Office of the Attorney General on January 9, 2024. '
'Affected individuals are being offered 24 months of identity '
'theft protection services through Equifax.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive customer data',
'data_compromised': ['Names',
'Social Security Numbers',
'Financial Account Numbers'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial data)',
'payment_information_risk': 'High (financial account numbers '
'compromised)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2024-01-09',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General',
'remediation_measures': 'Offering 24 months of identity theft '
'protection services to affected '
'individuals',
'third_party_assistance': 'Equifax (for identity theft '
'protection services)'},
'title': 'Data Breach at One Stop Financial Services via Employee Email '
'Account Compromise',
'type': 'Data Breach'}