On September 17, 2021, the Maine Office of the Attorney General disclosed a data breach affecting PFU America, Inc., stemming from unauthorized access to a third-party vendor’s system. The incident, discovered on July 27, 2021, exposed financial information, specifically payment card data, of 4,875 individuals, including 13 Maine residents. The compromised data spanned transactions from November 30, 2020, to July 27, 2021. While the breach did not involve broader personal identifiers (e.g., Social Security numbers or full identities), the exposure of payment card details poses risks of fraudulent transactions and financial exploitation. Affected individuals were offered 12 months of identity theft protection as a remedial measure. The breach highlights vulnerabilities in vendor security protocols, raising concerns about supply chain cyber risks and the potential for reputational damage due to the financial nature of the exposed data. No ransomware or large-scale operational disruption was reported, but the incident underscores the need for stricter third-party risk management in payment processing ecosystems.
TPRM report: https://www.rankiteo.com/company/pfuamerica
"id": "pfu014091825",
"linkid": "pfuamerica",
"type": "Breach",
"date": "11/2020",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': '4,875 individuals (including 13 '
                                              'Maine residents)',
                        'name': 'PFU America, Inc.',
                        'type': 'Corporation'},
                       {'name': 'Unnamed Vendor',
                        'type': 'Third-Party Vendor'}],
 'customer_advisories': 'Affected individuals notified and offered 12 months '
                        'of identity theft protection services',
 'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
                 'number_of_records_exposed': '4,875',
                 'sensitivity_of_data': 'High (financial/payment data)',
                 'type_of_data_compromised': ['Financial information',
                                              'Payment card information']},
 'date_detected': '2021-07-27',
 'date_publicly_disclosed': '2021-09-17',
 'description': 'The Maine Office of the Attorney General reported a data '
                'breach incident involving PFU America, Inc. The breach '
                'entailed unauthorized access to a vendor system, potentially '
                'compromising financial information (including payment card '
                'data) of 4,875 individuals, with 13 of them being Maine '
                'residents. The exposed data spans from November 30, 2020, to '
                'July 27, 2021. Affected individuals were offered 12 months of '
                'identity theft protection services.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'exposure of financial data',
            'data_compromised': ['Payment card information'],
            'identity_theft_risk': 'High (financial/payment data exposed)',
            'payment_information_risk': 'Confirmed (payment card information '
                                        'compromised)',
            'systems_affected': ['Vendor system']},
 'references': [{'date_accessed': '2021-09-17',
                 'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to Maine '
                                                       'Office of the Attorney '
                                                       'General'},
 'response': {'recovery_measures': 'Offered 12 months of identity theft '
                                   'protection services to affected '
                                   'individuals'},
 'title': 'PFU America, Inc. Data Breach via Vendor System',
 'type': 'Data Breach (Third-Party Vendor Compromise)'}