On January 21, 2021, Rakuten USA, Inc. (operating as Rakuten Americas) experienced a **data breach caused by insider wrongdoing**, compromising sensitive personal information of **5,390 individuals**. The exposed data included **names, Social Security numbers (SSNs), and dates of birth**—highly sensitive details that significantly increase the risk of identity theft and financial fraud. The breach was formally reported to the **Maine Office of the Attorney General on February 11, 2021**, with at least **one Maine resident directly affected**. In response, Rakuten offered **24 months of complimentary credit monitoring services** to impacted individuals, acknowledging the severity of the exposure. The incident highlights vulnerabilities in internal access controls, as the breach stemmed from malicious or negligent actions by an insider, leading to unauthorized disclosure of personally identifiable information (PII). Such breaches not only erode customer trust but also expose the company to regulatory scrutiny, potential lawsuits, and long-term reputational damage.
TPRM report: https://www.rankiteo.com/company/rakutenrewards
"id": "rak256082125",
"linkid": "rakutenrewards",
"type": "Breach",
"date": "1/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 5390,
'industry': 'E-commerce / Technology',
'location': 'USA',
'name': 'Rakuten USA, Inc. DBA Rakuten Americas',
'type': 'Corporation'}],
'attack_vector': 'Insider Wrongdoing',
'customer_advisories': 'Notification letters sent to affected individuals, '
'including offer of 24 months of credit monitoring',
'data_breach': {'number_of_records_exposed': 5390,
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers',
'Dates of Birth'],
'sensitivity_of_data': 'High (includes SSNs and DOBs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2021-01-21',
'date_publicly_disclosed': '2021-02-11',
'description': 'The Maine Office of the Attorney General reported a data '
'breach by Rakuten USA, Inc. DBA Rakuten Americas on February '
'11, 2021. The breach occurred on January 21, 2021, due to '
'insider wrongdoing affecting 5,390 individuals, with the '
'compromised data including names, Social Security numbers, '
'and dates of birth. One Maine resident was specifically '
'notified, and Rakuten offered 24 months of complimentary '
'credit monitoring services.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive personal data',
'data_compromised': ['Names',
'Social Security Numbers',
'Dates of Birth'],
'identity_theft_risk': 'High (due to exposure of SSNs and DOBs)'},
'post_incident_analysis': {'root_causes': 'Insider wrongdoing'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Reported to the Maine '
'Office of the Attorney '
'General'},
'response': {'communication_strategy': 'Notification to affected individuals '
'(including at least one Maine '
'resident)',
'remediation_measures': 'Offered 24 months of complimentary '
'credit monitoring services to affected '
'individuals'},
'threat_actor': 'Insider',
'title': 'Rakuten USA, Inc. DBA Rakuten Americas Data Breach (2021)',
'type': 'Data Breach'}