Doxim Inc.

On May 31, 2024, the Vermont Office of the Attorney General disclosed a data breach affecting **Doxim Inc.**, initially detected on **December 30, 2023**. The incident involved **unauthorized access** to sensitive files containing **personal information**, including **names, mailing addresses, account numbers, and Social Security numbers (SSNs)** of some individuals. While the exact number of affected parties remains unspecified, the exposure of such highly sensitive data—particularly SSNs—poses severe risks, including **identity theft, financial fraud, and long-term reputational harm** to the company. The breach underscores vulnerabilities in Doxim Inc.’s data protection measures, raising concerns over compliance with regulatory standards (e.g., GDPR, CCPA) and potential legal repercussions. Customers and employees may face prolonged monitoring requirements to mitigate fraud risks, while the company could incur significant costs for remediation, notifications, and regulatory fines. The incident highlights the critical need for robust cybersecurity frameworks to prevent similar exploits in the future.

Source: https://ago.vermont.gov/document/2024-05-31-doxim-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/pinnacle-data-systems-doxim

"id": "pin556091725",
"linkid": "pinnacle-data-systems-doxim",
"type": "Breach",
"date": "12/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'unspecified',
                        'name': 'Doxim Inc.',
                        'type': 'Corporation'}],
 'data_breach': {'data_exfiltration': 'likely',
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high',
                 'type_of_data_compromised': ['personal information',
                                              'financial information']},
 'date_detected': '2023-12-30',
 'date_publicly_disclosed': '2024-05-31',
 'description': 'On May 31, 2024, the Vermont Office of the Attorney General '
                'reported a data breach involving Doxim Inc. The breach was '
                'detected on December 30, 2023, and involved unauthorized '
                'access to files containing personal information, including '
                'names, mailing addresses, account numbers, and Social '
                'Security numbers of some affected individuals, which remains '
                'unspecified.',
 'impact': {'data_compromised': ['names',
                                 'mailing addresses',
                                 'account numbers',
                                 'Social Security numbers'],
            'identity_theft_risk': 'high',
            'payment_information_risk': 'high'},
 'references': [{'date_accessed': '2024-05-31',
                 'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'Data Breach at Doxim Inc.',
 'type': 'Data Breach'}

Doxim Inc.

Canary Benefits Inc.: Canary Benefits Data Breach Exposes Names and SSNs

Canary Benefits and Inc.: Canary Benefits Data Breach Lawsuit Investigation

TransUnion: Only TransUnion Cases Set to Merge Over Salesforce Data Breach