On May 29, 2023, Planet Home Lending, LLC experienced a data breach due to the exploitation of a security vulnerability in the MOVEit file transfer platform, leading to unauthorized access by threat actors. The incident was reported to the Maine Office of the Attorney General on September 8, 2023. The breach compromised sensitive personal information, including Social Security Numbers (SSNs), affecting 3,119 individuals. The attack leveraged a known flaw in MOVEit, a widely used file transfer tool, which had been targeted in a broader campaign by cybercriminals. While the exact extent of the data misuse remains undisclosed, the exposure of SSNs poses significant risks, including identity theft, financial fraud, and long-term reputational harm to the affected individuals. The company likely faced regulatory scrutiny, potential legal liabilities, and the need for remediation measures, such as credit monitoring for victims. The breach underscores the critical importance of patch management and third-party risk assessment, as vulnerabilities in widely adopted software can serve as entry points for large-scale data exfiltration. The incident aligns with a growing trend of supply-chain attacks, where attackers exploit weaknesses in trusted vendors to infiltrate multiple organizations simultaneously.
TPRM report: https://www.rankiteo.com/company/planet-home-lending-llc
"id": "pla004091825",
"linkid": "planet-home-lending-llc",
"type": "Vulnerability",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '3,119',
'industry': 'Financial Services',
'name': 'Planet Home Lending, LLC',
'type': 'Financial Services (Mortgage Lending)'}],
'attack_vector': 'Exploitation of software vulnerability (MOVEit file '
'transfer platform)',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '3,119',
'personally_identifiable_information': ['Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'Numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-09-08',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Planet Home Lending, LLC. The breach '
'occurred due to unauthorized access via exploitation of a '
'security vulnerability in the MOVEit file transfer platform. '
'A total of 3,119 individuals were affected, with Social '
'Security Numbers among the compromised data.',
'impact': {'data_compromised': ['Social Security Numbers'],
'identity_theft_risk': 'High (SSNs compromised)',
'systems_affected': ['MOVEit file transfer platform']},
'post_incident_analysis': {'root_causes': 'Exploitation of unpatched '
'vulnerability in MOVEit file '
'transfer platform'},
'references': [{'date_accessed': '2023-09-08',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': 'Data Breach at Planet Home Lending, LLC via MOVEit Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit file transfer platform vulnerability'}