On **July 22, 2024**, SGII, Inc. (operating as SeneGence) suffered a **data breach** due to a **hacking incident**, exposing sensitive personal information of **1,375 individuals**, including **10 Maine residents**. The compromised data included **names, addresses, phone numbers, and credit card details**, putting affected individuals at risk of identity theft and financial fraud.The company took nearly **four months** to notify consumers, issuing alerts on **November 22, 2024**, and offered **24 months of free identity theft protection** via Experian as a remedial measure. The breach highlights vulnerabilities in SeneGence’s cybersecurity defenses, particularly in safeguarding **customer financial data**, which is a high-value target for cybercriminals. While no immediate evidence of misuse was reported, the exposure of **payment card information** increases the likelihood of fraudulent transactions, phishing attempts, or further exploitation of the stolen data.This incident underscores the critical need for robust **incident response protocols** and **proactive threat monitoring** to mitigate the fallout from such attacks, especially when financial records are involved. The delayed disclosure may also raise concerns about **regulatory compliance** and transparency in breach notifications.
TPRM report: https://www.rankiteo.com/company/senegenceinternational
"id": "sen020090625",
"linkid": "senegenceinternational",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 1375,
'industry': 'Cosmetics / Direct Sales',
'name': 'SGII, Inc. (SeneGence)',
'type': 'Corporation'}],
'attack_vector': 'Hacking',
'customer_advisories': 'Consumers notified on 2024-11-22 with offer of 24 '
'months of identity theft protection via Experian',
'data_breach': {'data_exfiltration': 'Likely (personal and payment data '
'accessed)',
'number_of_records_exposed': 1375,
'personally_identifiable_information': ['names',
'addresses',
'phone numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Payment Card Information']},
'date_detected': '2024-07-22',
'date_publicly_disclosed': '2024-11-22',
'description': 'The Maine Office of the Attorney General reported that SGII, '
'Inc., doing business as SeneGence, experienced a data breach '
'on July 22, 2024, affecting a total of 1,375 individuals, '
'including 10 Maine residents. The breach involved a hacking '
'incident that compromised personal information, including '
'names, addresses, phone numbers, and credit card information. '
'Affected consumers were notified on November 22, 2024, and '
'offered 24 months of identity theft protection services '
'through Experian.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive customer data',
'data_compromised': ['names',
'addresses',
'phone numbers',
'credit card information'],
'identity_theft_risk': 'High (credit card information and PII '
'exposed)',
'payment_information_risk': 'High (credit card information '
'compromised)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General (as '
'part of state breach '
'notification laws)'},
'response': {'communication_strategy': 'Consumer notifications sent on '
'2024-11-22 with offer of 24 months of '
'identity theft protection',
'third_party_assistance': 'Experian (identity theft protection '
'services)'},
'title': 'SeneGence (SGII, Inc.) Data Breach - July 2024',
'type': 'Data Breach'}