The Maine Office of the Attorney General disclosed a data breach at Private Client Services, LLC (PCS) on May 27, 2022, stemming from unauthorized access to an employee’s email account between November 4 and November 18, 2021. The incident was detected on April 25, 2022, exposing sensitive personal data of 22,554 individuals, including 19 Maine residents. The compromised information included names, Social Security numbers (SSNs), and driver’s license numbers highly sensitive identifiers that elevate risks of identity theft, financial fraud, and long-term reputational harm for affected individuals. The breach originated from a phishing or credential-compromise attack, targeting an employee’s account, which granted threat actors prolonged access to confidential records. While the breach did not involve ransomware or systemic operational disruption, the exposure of SSNs and government-issued IDs classifies it as a high-severity incident due to the irreversible nature of such data leaks and the potential for downstream criminal exploitation. The company likely faced regulatory scrutiny, legal liabilities, and erosion of client trust, particularly given the scale of affected records.
TPRM report: https://www.rankiteo.com/company/private-client-services-investments
"id": "pri804082025",
"linkid": "private-client-services-investments",
"type": "Breach",
"date": "11/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 22554,
'name': 'Private Client Services, LLC (PCS)',
'type': 'Private Company'},
{'customers_affected': 19,
'industry': 'Legal/Regulatory',
'location': 'Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government Agency'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'data_breach': {'data_exfiltration': 'Potential (unconfirmed)',
'number_of_records_exposed': 22554,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
"Driver's License "
'Numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2022-04-25',
'date_publicly_disclosed': '2022-05-27',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Private Client Services, LLC (PCS). The '
'breach occurred due to unauthorized access to an employee '
'email account between November 4 and November 18, 2021, '
'affecting 22,554 individuals, including 19 Maine residents. '
'Sensitive information potentially accessed includes names, '
"Social Security numbers, and driver's license numbers.",
'impact': {'data_compromised': ['Names',
'Social Security Numbers',
"Driver's License Numbers"],
'identity_theft_risk': 'High (PII exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'post_incident_analysis': {'root_causes': 'Unauthorized access to employee '
'email account (potential phishing '
'or credential compromise)'},
'references': [{'date_accessed': '2022-05-27',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Public Disclosure via Maine AG '
'Office'},
'title': 'Data Breach at Private Client Services, LLC (PCS)',
'type': 'Data Breach'}