The California Office of the Attorney General disclosed a data breach at PlanMember Securities Corporation in June 2022, stemming from an unauthorized access attempt on an executive’s email account on February 17, 2022. The incident exposed sensitive personal data, including names, Social Security numbers, and account numbers of affected individuals. While the breach was detected, it remains unconfirmed whether the attackers successfully accessed or exfiltrated the data. The compromised email account likely contained financial and personally identifiable information (PII), raising concerns over potential identity theft, fraud, or misuse. The company did not specify the number of impacted individuals, but the nature of the exposed data particularly SSNs and financial details poses significant risks to privacy and security. Regulatory filings suggest compliance with breach notification laws, though the long-term consequences for affected parties depend on whether the data was actually exploited.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-554732
TPRM report: https://www.rankiteo.com/company/planmember-securities
"id": "pla1000091725",
"linkid": "planmember-securities",
"type": "Breach",
"date": "2/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Financial Services',
'location': 'California, USA',
'name': 'PlanMember Securities Corporation',
'type': 'Corporation'}],
'attack_vector': 'Unauthorized access to email account',
'data_breach': {'data_exfiltration': 'unknown',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (PII and account numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2022-02-17',
'date_publicly_disclosed': '2022-06-29',
'description': 'The California Office of the Attorney General reported a data '
'breach involving PlanMember Securities Corporation on June '
'29, 2022. The breach occurred on February 17, 2022, when '
"unauthorized access to an executive's email account was "
'attempted, potentially exposing names, Social Security '
'numbers, and account numbers of individuals, though it '
'remains unknown whether the attackers accessed the data.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'account numbers'],
'identity_theft_risk': 'potential (unknown if accessed)',
'payment_information_risk': 'potential (account numbers exposed)',
'systems_affected': ["executive's email account"]},
'initial_access_broker': {'entry_point': "executive's email account"},
'investigation_status': 'Ongoing (unknown if data was accessed)',
'references': [{'date_accessed': '2022-06-29',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'Data Breach at PlanMember Securities Corporation',
'type': 'Data Breach'}