On September 3, 2021, the Maine Attorney General's Office disclosed a data breach affecting Postlethwaite & Netterville, an accounting and advisory firm. The incident, detected on March 23, 2021, involved unauthorized access to sensitive data stored on an Accellion File Transfer Appliance (FTA), a third-party file-sharing platform. The breach exposed personally identifiable information (PII) of three Maine residents, including names, addresses, dates of birth, Social Security Numbers (SSNs), medical records, and financial details. The compromised data poses severe risks, as SSNs and financial information are prime targets for identity theft, fraud, and financial exploitation. Medical data exposure further escalates concerns, given its sensitivity and potential misuse in healthcare fraud or blackmail. While the breach was limited to a small number of individuals, the nature of the leaked information—covering financial, medical, and personally identifiable details—classifies it as a high-severity incident with long-term repercussions for the affected parties. The breach underscores vulnerabilities in third-party vendor systems, highlighting the need for robust cybersecurity measures in file-transfer solutions. Postlethwaite & Netterville likely faced reputational damage, regulatory scrutiny, and potential legal liabilities due to the exposure of highly sensitive client data.
TPRM report: https://www.rankiteo.com/company/postlethwaite-&-netterville
"id": "pos1023090725",
"linkid": "postlethwaite-&-netterville",
"type": "Breach",
"date": "1/2021",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '3 (Maine residents)',
'industry': 'Accounting/Financial Services',
'location': {'affected_residents': ['Maine'],
'state': 'Louisiana (primary)'},
'name': 'Postlethwaite & Netterville',
'type': 'Accounting/Professional Services Firm'},
{'industry': 'Software/IT Services',
'name': 'Accellion (File Transfer Appliance vendor)',
'type': 'Technology Vendor'}],
'attack_vector': 'Exploitation of vulnerable file transfer appliance '
'(Accellion FTA)',
'data_breach': {'data_exfiltration': 'Likely (unauthorized access confirmed)',
'number_of_records_exposed': '3 (confirmed for Maine '
'residents; total scope unclear)',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of Birth',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)',
'Financial Data']},
'date_detected': '2021-03-23',
'date_publicly_disclosed': '2021-09-03',
'description': "The Maine Attorney General's Office reported a data breach "
'involving Postlethwaite & Netterville. The breach involved '
'unauthorized access to data stored on an Accellion File '
'Transfer Appliance, potentially affecting three Maine '
'residents. The compromised information included names, '
'addresses, dates of birth, Social Security Numbers, and '
'medical and financial information.',
'impact': {'data_compromised': ['Names',
'Addresses',
'Dates of Birth',
'Social Security Numbers',
'Medical Information',
'Financial Information'],
'identity_theft_risk': 'High (PII and sensitive data exposed)',
'payment_information_risk': 'Potential (financial information '
'compromised)',
'systems_affected': ['Accellion File Transfer Appliance']},
'references': [{'date_accessed': '2021-09-03',
'source': "Maine Attorney General's Office"}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
"General's Office"]},
'response': {'communication_strategy': {'affected_individuals_notification': None,
'regulatory_notification': 'Maine '
'Attorney '
"General's "
'Office '
'(2021-09-03)'}},
'title': 'Data Breach at Postlethwaite & Netterville via Accellion File '
'Transfer Appliance',
'type': 'Data Breach',
'vulnerability_exploited': 'Accellion File Transfer Appliance (FTA) '
'vulnerabilities'}