The California Office of the Attorney General disclosed a data breach affecting Palmaz Vineyards in June 2015, linked to its third-party vendor, Missing Link Networks, Inc. (a consumer direct sales systems provider). The incident exposed sensitive customer data, including names, credit/debit card numbers, payment addresses, passwords, and dates of birth, collected between April 1 and April 30, 2015. The breach stemmed from vulnerabilities in the vendor’s systems, though the exact number of impacted individuals was not specified. The compromised data particularly financial and personal identifiers posed significant risks of fraud, identity theft, and unauthorized transactions. While no evidence suggested immediate misuse, the exposure of payment details and authentication credentials heightened concerns over long-term financial and reputational harm to affected customers. The breach underscored vulnerabilities in third-party vendor security protocols, raising questions about Palmaz Vineyards’ oversight of its supply chain cybersecurity measures.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-56452
TPRM report: https://www.rankiteo.com/company/palmaz-vineyards
"id": "pal153082025",
"linkid": "palmaz-vineyards",
"type": "Breach",
"date": "4/2015",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'industry': 'Food & Beverage / Wine Production',
'location': 'California, USA',
'name': 'Palmaz Vineyards',
'type': 'Business (Winery)'},
{'industry': 'Technology / E-commerce Solutions',
'name': 'Missing Link Networks, Inc.',
'type': 'Service Provider (Consumer Direct Sales '
'Systems)'}],
'data_breach': {'data_exfiltration': 'Likely (data exposed to unauthorized '
'parties)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': ['Names',
'Dates of birth',
'Payment addresses'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Payment Card Data']},
'date_publicly_disclosed': '2015-06-18',
'description': 'The California Office of the Attorney General reported a data '
'breach incident involving Palmaz Vineyards on June 18, 2015. '
'The breach, reported by the consumer direct sales systems '
'provider Missing Link Networks, Inc., potentially exposed '
'customer names, credit and debit card numbers, payment '
'addresses, passwords, and dates of birth between April 1, '
'2015 and April 30, 2015. The number of individuals affected '
'remains unknown.',
'impact': {'data_compromised': ['Customer names',
'Credit and debit card numbers',
'Payment addresses',
'Passwords',
'Dates of birth'],
'identity_theft_risk': 'High (PII and payment data exposed)',
'payment_information_risk': 'High (credit/debit card numbers '
'exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'California Office of '
'the Attorney General'},
'response': {'law_enforcement_notified': 'Yes (California Office of the '
'Attorney General)'},
'title': 'Palmaz Vineyards Data Breach (2015)',
'type': 'Data Breach'}