On January 27, 2022, the Maine Office of the Attorney General disclosed a data breach affecting Perron Insurance Services, originating from an unauthorized access incident on or around October 7, 2021. The breach involved the compromise of an employee email account, which exposed sensitive personal information of 48 individuals, including names and driver’s license numbers. The incident highlights vulnerabilities in email security protocols, as threat actors exploited weak or compromised credentials to infiltrate the system. While the exposed data did not include highly sensitive details like financial records or Social Security numbers, the leak of driver’s license numbers poses risks of identity theft, fraud, or phishing attacks targeting the affected individuals. The breach underscores the need for robust multi-factor authentication (MFA), employee cybersecurity training, and continuous monitoring of email accounts to prevent similar intrusions. Perron Insurance Services likely faced reputational damage and potential regulatory scrutiny, particularly under state data protection laws requiring timely breach notifications. The limited scope of exposed data (48 individuals) mitigates broader operational or financial fallout, but the incident serves as a cautionary example of how third-party breaches via email compromises can erode customer trust and necessitate remediation efforts, including credit monitoring for victims.
TPRM report: https://www.rankiteo.com/company/perron-insurance-services
"id": "per020091825",
"linkid": "perron-insurance-services",
"type": "Breach",
"date": "10/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 48,
'industry': 'Insurance',
'location': 'Maine, USA',
'name': 'Perron Insurance Services',
'type': 'Business'}],
'attack_vector': 'Compromised Email Account',
'data_breach': {'data_exfiltration': 'Potential',
'number_of_records_exposed': 48,
'personally_identifiable_information': ['Names',
"Driver's License "
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)']},
'date_detected': '2021-10-07',
'date_publicly_disclosed': '2022-01-27',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Perron Insurance Services on January 27, '
'2022. The breach occurred on or about October 7, 2021, when '
'an unauthorized individual accessed an employee email '
'account, potentially exposing information including names and '
"driver's license numbers of 48 individuals.",
'impact': {'data_compromised': ['Names', "Driver's License Numbers"],
'identity_theft_risk': 'Potential',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2022-01-27',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'threat_actor': 'Unauthorized Individual',
'title': 'Data Breach at Perron Insurance Services',
'type': 'Data Breach'}