Pennsylvania Department of Corrections

A security incident at a third-party vendor have compromised the personal information of employees, inmates and others involved with the state Department of Corrections.

Its system was accessed without authorization and a portion of the data on the system was exported.

The exact contents of the data remain unknown.

Compromised information included individuals’ full names, driver’s license numbers, home addresses, Social Security numbers and/or medical information.

The DOC has identified approximately 13,100 inmates, 680 employees and 11 others who may have been affected by the incident.

Source: https://www.fox43.com/article/news/local/contests/state-dept-of-corrections-notifies-employees-inmates-of-online-security-incident-with-third-party-vendor/521-6b845458-1184-4f5c-a909-a5fd1849ef9d

TPRM report: https://scoringcyber.rankiteo.com/company/corrections-pennsylvania-department-of

"id": "pen00101122",
"linkid": "corrections-pennsylvania-department-of",
"type": "Data Leak",
"date": "07/2018",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Corrections',
                        'name': 'State Department of Corrections',
                        'type': 'Government Agency'}],
 'attack_vector': 'Unauthorized Access',
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': 13791,
                 'personally_identifiable_information': ['Full names',
                                                         'Driver’s license '
                                                         'numbers',
                                                         'Home addresses',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Medical Information']},
 'description': 'A security incident at a third-party vendor compromised the '
                'personal information of employees, inmates, and others '
                'involved with the state Department of Corrections. The system '
                'was accessed without authorization and a portion of the data '
                'was exported. The exact contents of the data remain unknown. '
                'Compromised information included individuals’ full names, '
                'driver’s license numbers, home addresses, Social Security '
                'numbers and/or medical information. The DOC has identified '
                'approximately 13,100 inmates, 680 employees, and 11 others '
                'who may have been affected by the incident.',
 'impact': {'data_compromised': ['Full names',
                                 'Driver’s license numbers',
                                 'Home addresses',
                                 'Social Security numbers',
                                 'Medical information']},
 'title': 'Data Breach at State Department of Corrections',
 'type': 'Data Breach'}

Pennsylvania Department of Corrections

Lazarus Naturals

Estes Forwarding Worldwide

Synnovis