Breach cyber

Supplemental Income 401(k) Plan

Mar 22, 2021 1 min read
Supplemental Income 401(k) Plan

The California Attorney General reported a data breach involving the Supplemental Income 401(k) Plan on June 3, 2021. The breach occurred due to a phishing attack that compromised a single email account, beginning on March 22, 2021, and ending on April 21, 2021. Personal information exposed included names, addresses, dates of birth, Social Security numbers, account balances, enrollment dates, and contribution amounts.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-541552

TPRM report: https://www.rankiteo.com/company/schwab-retirement-services

"id": "sch818072725",
"linkid": "schwab-retirement-services",
"type": "Breach",
"date": "3/2021",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'California',
                        'name': 'Supplemental Income 401(k) Plan',
                        'type': 'Retirement Plan'}],
 'attack_vector': 'Phishing',
 'data_breach': {'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['names',
                                              'addresses',
                                              'dates of birth',
                                              'Social Security numbers',
                                              'account balances',
                                              'enrollment dates',
                                              'contribution amounts']},
 'date_detected': '2021-03-22',
 'date_publicly_disclosed': '2021-06-03',
 'date_resolved': '2021-04-21',
 'description': 'The California Attorney General reported a data breach '
                'involving the Supplemental Income 401(k) Plan on June 3, '
                '2021. The breach occurred due to a phishing attack that '
                'compromised a single email account, beginning on March 22, '
                '2021, and ending on April 21, 2021. Personal information '
                'exposed included names, addresses, dates of birth, Social '
                'Security numbers, account balances, enrollment dates, and '
                'contribution amounts.',
 'impact': {'data_compromised': ['names',
                                 'addresses',
                                 'dates of birth',
                                 'Social Security numbers',
                                 'account balances',
                                 'enrollment dates',
                                 'contribution amounts']},
 'initial_access_broker': {'entry_point': 'Email Account'},
 'post_incident_analysis': {'root_causes': 'Phishing attack leading to email '
                                           'account compromise'},
 'references': [{'date_accessed': '2021-06-03',
                 'source': 'California Attorney General'}],
 'title': 'Data Breach Involving Supplemental Income 401(k) Plan',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Email Account Compromise'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.