The California Office of the Attorney General reported a data breach involving PennyMac Loan Services LLC on August 28, 2023. The breach occurred on May 27, 2023, when unauthorized actors exploited a vulnerability in the MOVEit Transfer application used by the company, potentially exposing personal information of customers. The specific types of compromised information were not detailed in the report.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-572503
TPRM report: https://www.rankiteo.com/company/pennymac
"id": "pen257072725",
"linkid": "pennymac",
"type": "Vulnerability",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'California',
'name': 'PennyMac Loan Services LLC',
'type': 'Company'}],
'attack_vector': 'Exploitation of Vulnerability',
'data_breach': {'type_of_data_compromised': 'Personal information'},
'date_detected': '2023-05-27',
'date_publicly_disclosed': '2023-08-28',
'description': 'The California Office of the Attorney General reported a data '
'breach involving PennyMac Loan Services LLC on August 28, '
'2023. The breach occurred on May 27, 2023, when unauthorized '
'actors exploited a vulnerability in the MOVEit Transfer '
'application used by the company, potentially exposing '
'personal information of customers. The specific types of '
'compromised information were not detailed in the report.',
'impact': {'data_compromised': 'Personal information of customers'},
'references': [{'date_accessed': '2023-08-28',
'source': 'California Office of the Attorney General'}],
'threat_actor': 'Unauthorized actors',
'title': 'Data Breach at PennyMac Loan Services LLC',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer application vulnerability'}