Propeller Industries, a financial services firm specializing in fractional CFO and accounting solutions for high-growth companies, suffered a data breach via its third-party service provider, Consero Global Solutions. Between April 27 and July 4, 2025, a cyberattack led to the unauthorized access and potential exposure of sensitive personally identifiable information (PII) belonging to its clients. The compromised data included names, addresses, and Social Security numbers (SSNs). The breach was detected on July 4, 2025, when Consero identified an encryption event, but Propeller Industries was only notified on September 25, 2025, with affected individuals informed via mail starting October 23, 2025. The incident was disclosed to the New Hampshire Attorney General on November 14, 2025, confirming at least 35 residents were impacted, though the total number of affected individuals remains undisclosed. The breach exposed clients to risks such as identity theft, financial fraud, and unauthorized account access, prompting Propeller to offer 12 months of free credit monitoring and identity protection services through TransUnion Cyberscout. Legal firms are investigating potential compensation claims for affected parties, including reimbursement for damages, time spent mitigating risks, and emotional distress.
Source: https://www.claimdepot.com/investigations/propeller-industries-data-breach-2025
TPRM report: https://www.rankiteo.com/company/propeller-industries
"id": "pro4602846111825",
"linkid": "propeller-industries",
"type": "Breach",
"date": "4/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undisclosed (minimum 35 '
'confirmed in New Hampshire)',
'industry': 'Fractional CFO and Accounting Solutions',
'location': 'Global (Offices in San Francisco, Los '
'Angeles, New York, Austin, Boulder, Sun '
'Valley)',
'name': 'Propeller Industries',
'type': 'Financial Services Firm'},
{'customers_affected': 'Multiple clients (including '
'Propeller Industries)',
'industry': 'Outsourced Accounting/Finance Services',
'name': 'Consero Global Solutions',
'type': 'Service Provider'}],
'customer_advisories': 'Encouraged to enroll in credit monitoring, monitor '
'accounts, and consider legal action.',
'data_breach': {'data_encryption': 'Yes (encryption event detected on '
"Consero's network)",
'data_exfiltration': 'Likely (data accessed by threat actor)',
'number_of_records_exposed': 'Undisclosed (minimum 35 in New '
'Hampshire)',
'personally_identifiable_information': ['Names',
'Addresses',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-07-04',
'date_publicly_disclosed': '2025-10-23',
'description': 'A cyberattack on Consero Global Solutions, a service provider '
'for Propeller Industries, resulted in the exposure of '
'sensitive personally identifiable information (PII) of '
"Propeller Industries' clients. The breach occurred between "
'April 27 and July 4, 2025, with encryption detected on July '
'4, 2025. Propeller Industries was notified on September 25, '
'2025, and began notifying affected individuals on October 23, '
'2025. The exposed data includes names, addresses, and Social '
'Security numbers. At least 35 New Hampshire residents were '
'confirmed affected, though the total number remains '
'undisclosed.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive client PII; '
'class action investigation initiated '
'by Shamis & Gentile P.A.',
'data_compromised': ['Names',
'Addresses',
'Social Security numbers'],
'identity_theft_risk': 'High (PII including SSNs exposed)',
'legal_liabilities': 'Potential lawsuits for compensation (e.g., '
'reimbursement for out-of-pocket expenses, '
'emotional distress); regulatory notification '
'to New Hampshire Attorney General.'},
'initial_access_broker': {'high_value_targets': 'Client PII (e.g., SSNs, '
'addresses)',
'reconnaissance_period': 'Potentially between April '
'27, 2025, and July 4, '
'2025'},
'investigation_status': 'Ongoing (class action investigation by Shamis & '
'Gentile P.A.)',
'ransomware': {'data_encryption': 'Yes (encryption event detected)',
'data_exfiltration': 'Likely (sensitive information accessed)'},
'recommendations': ['Sign up for free credit monitoring (TransUnion '
'Cyberscout).',
'Monitor financial statements for suspicious activity.',
'Place a fraud alert on credit reports.',
'Request annual free credit reports from major bureaus.',
'Seek legal counsel for potential compensation claims.'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
{'date_accessed': '2025-11-14',
'source': 'New Hampshire Attorney General Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Shamis & Gentile P.A.; potential '
'lawsuits for compensation.',
'regulatory_notifications': 'New Hampshire Attorney '
'General (notified '
'November 14, 2025)'},
'response': {'communication_strategy': 'Mail notifications to affected '
'individuals (starting October 23, '
'2025); disclosure to New Hampshire '
'Attorney General (November 14, 2025).',
'incident_response_plan_activated': 'Yes (by Consero Global '
'Solutions upon detecting '
'encryption event)',
'recovery_measures': '12 months of free TransUnion Cyberscout '
'single-bureau credit monitoring and '
'identity protection services offered to '
'affected individuals.'},
'stakeholder_advisories': 'Mail notifications to affected individuals; '
'regulatory disclosure to New Hampshire Attorney '
'General.',
'title': 'Propeller Industries Data Breach via Consero Global Solutions',
'type': 'Data Breach (Third-Party Vendor Compromise)'}