PKF, LLP

On August 17, 2019, PKF LLP suffered a data breach due to the theft of an unencrypted laptop. The device contained sensitive personal information, including the names and Social Security numbers of affected individuals. The breach was not immediately detected and was only reported to the California Office of the Attorney General on October 17, 2019—two months after the incident occurred. The exposed data poses a significant risk of identity theft, financial fraud, and other malicious activities targeting the victims. The delay in reporting may have further exacerbated potential harm, as affected individuals were left uninformed and vulnerable for an extended period. The incident highlights critical lapses in data security protocols, particularly the failure to encrypt portable devices storing highly sensitive information.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-183540

TPRM report: https://www.rankiteo.com/company/pkf-oconnor-davies

"id": "pkf550091725",
"linkid": "pkf-oconnor-davies",
"type": "Breach",
"date": "8/2019",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'industry': 'Professional Services '
                                    '(Accounting/Auditing)',
                        'location': 'California, USA',
                        'name': 'PKF LLP',
                        'type': 'Accounting Firm'}],
 'attack_vector': 'Theft of Unencrypted Laptop',
 'data_breach': {'data_encryption': 'No',
                 'data_exfiltration': 'Yes (via physical theft)',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'Numbers'],
                 'sensitivity_of_data': 'High (SSNs included)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)']},
 'date_detected': '2019-08-17',
 'date_publicly_disclosed': '2019-10-17',
 'description': 'The California Office of the Attorney General reported that '
                'PKF LLP experienced a data breach on August 17, 2019, '
                'involving the theft of an unencrypted laptop containing '
                'personal information, including names and Social Security '
                'numbers of affected individuals. The breach was reported on '
                'October 17, 2019.',
 'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
            'identity_theft_risk': 'High (PII exposed)',
            'systems_affected': ['Unencrypted Laptop']},
 'post_incident_analysis': {'root_causes': ['Unencrypted Laptop',
                                            'Inadequate Physical Security '
                                            'Controls']},
 'references': [{'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulations_violated': ['California Data Breach '
                                                    'Notification Law '
                                                    '(likely)'],
                           'regulatory_notifications': ['California Office of '
                                                        'the Attorney '
                                                        'General']},
 'response': {'communication_strategy': 'Public Disclosure via California AG '
                                        'Report'},
 'title': 'PKF LLP Data Breach (2019)',
 'type': 'Data Breach (Physical Theft)',
 'vulnerability_exploited': 'Lack of Encryption on Portable Device'}

PKF, LLP

Grafana: Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Reqrea: Millions Of Hotel Guests' IDs Left Open Online In Massive Security Blunder

Belambra, Gîtes de France and Pierre & Vacances-Center Parcs: Gîtes de France among three booking websites to be hit by cyberattack