On July 6, 2021, Principal Financial Group experienced a data breach when an employee inadvertently exposed sensitive personal information of two Maine residents via a Facebook post. The compromised data, displayed on the employee’s computer screen, included names, dates of birth, and Social Security numbers—highly sensitive details that could facilitate identity theft or financial fraud. The breach was reported to the Maine Office of the Attorney General on July 22, 2021. Affected individuals were offered one year of credit monitoring through Equifax as a remedial measure. While the incident involved a limited number of victims, the exposure of Social Security numbers elevates the risk of long-term harm, including potential fraud or misuse of personal identities. The breach stemmed from human error rather than a targeted cyber attack, but the unintentional disclosure of such critical data underscores vulnerabilities in internal data-handling protocols and employee awareness training.
TPRM report: https://www.rankiteo.com/company/principalfinancialgroup
"id": "pri956091725",
"linkid": "principalfinancialgroup",
"type": "Breach",
"date": "7/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '2 (Maine residents)',
'industry': 'Insurance/Investment Management',
'location': 'Des Moines, Iowa, USA',
'name': 'Principal Financial Group',
'type': 'Financial Services'},
{'industry': 'Legal/Regulatory',
'location': 'Augusta, Maine, USA',
'name': 'Maine Office of the Attorney General',
'type': 'Government (State Regulatory Body)'}],
'attack_vector': 'Human Error (Inadvertent Exposure via Social Media)',
'customer_advisories': 'Credit monitoring services offered to affected '
'individuals',
'data_breach': {'data_exfiltration': 'No (Unintentional display)',
'number_of_records_exposed': '2',
'personally_identifiable_information': ['Names',
'Dates of Birth',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (SSNs included)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2021-07-06',
'date_publicly_disclosed': '2021-07-22',
'description': 'The Maine Office of the Attorney General reported a data '
'breach involving Principal Financial Group on July 22, 2021. '
'The breach occurred on July 6, 2021, due to personal '
'information being inadvertently displayed on a Principal '
"employee's computer screen in a Facebook post, affecting 2 "
'Maine residents. Compromised information included names, '
'dates of birth, and Social Security numbers, and impacted '
'individuals were offered one year of credit monitoring '
'services from Equifax.',
'impact': {'brand_reputation_impact': 'Potential (Limited to 2 individuals)',
'data_compromised': ['Names',
'Dates of Birth',
'Social Security Numbers'],
'identity_theft_risk': 'High (PII exposed)'},
'investigation_status': 'Disclosed (No further details provided)',
'post_incident_analysis': {'root_causes': 'Human error (inadvertent exposure '
'of PII on social media)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine AG office',
'remediation_measures': 'Offered 1 year of credit monitoring to '
'affected individuals',
'third_party_assistance': 'Equifax (Credit Monitoring Services)'},
'title': 'Principal Financial Group Data Breach (2021)',
'type': 'Data Breach (Unintentional Disclosure)'}