On September 25, 2020, Payette Associates Inc. suffered a data breach caused by a malware infection, leading to unauthorized access to sensitive personal information. The compromised data included names, addresses, Social Security numbers, and financial account numbers of 898 individuals, with 2 Maine residents specifically affected. The breach exposed highly sensitive personal and financial details, posing significant risks of identity theft, financial fraud, and long-term reputational harm to the affected individuals. In response, Payette offered two years of free credit monitoring via TransUnion to mitigate potential damages. The incident was formally reported by the Maine Office of the Attorney General on November 3, 2020. The breach’s scale and the nature of the exposed data—particularly financial and personally identifiable information (PII)—highlight severe vulnerabilities in the company’s cybersecurity defenses, raising concerns over compliance with data protection regulations and the potential for legal repercussions.
TPRM report: https://www.rankiteo.com/company/payette
"id": "pay1009091725",
"linkid": "payette",
"type": "Breach",
"date": "9/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 898,
'industry': 'Architecture/Design',
'location': 'United States (Maine residents affected: '
'2)',
'name': 'Payette Associates Inc.',
'type': 'Private Company'}],
'attack_vector': 'Malware',
'customer_advisories': '2 years of free credit monitoring offered via '
'TransUnion',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': 898,
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'numbers',
'Financial account '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2020-09-25',
'date_publicly_disclosed': '2020-11-03',
'description': 'The Maine Office of the Attorney General reported that '
'Payette Associates Inc. experienced a data breach due to a '
'malware infection on September 25, 2020. The breach involved '
'unauthorized access to personal information, including names, '
'addresses, Social Security numbers, and financial account '
'numbers, affecting 898 individuals (2 Maine residents). '
'Payette offered 2 years of free credit monitoring through '
'TransUnion as a response.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Social Security numbers',
'Financial account numbers'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (financial account numbers '
'exposed)'},
'references': [{'date_accessed': '2020-11-03',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Attorney '
'General; offer of 2 years of free '
'credit monitoring to affected '
'individuals',
'third_party_assistance': 'TransUnion (credit monitoring '
'services)'},
'title': 'Payette Associates Inc. Data Breach (2020)',
'type': 'Data Breach (Malware Infection)'}