The Maine Office of the Attorney General disclosed a data breach affecting St. Andrew's Resources for Seniors System on February 7, 2025. The incident, detected on January 6, 2025, involved unauthorized access to employee email accounts, potentially exposing sensitive personal information. Specifically, the names and Social Security numbers of 2 Maine residents were compromised, though the breach impacted a total of 16,869 individuals. The exposure of such data poses risks of identity theft, financial fraud, or targeted phishing attacks against the affected individuals. While the breach primarily involved employee email accounts, the leaked information belonged to external parties (residents), indicating a failure in securing access controls and monitoring unauthorized intrusions. The organization has not disclosed whether the breach was part of a broader cyberattack (e.g., phishing, malware) or an isolated vulnerability exploitation. The incident underscores the critical need for robust email security measures, particularly in sectors handling sensitive senior citizen data, where trust and confidentiality are paramount.
TPRM report: https://www.rankiteo.com/company/st.-andrew's-resources-for-seniors-system
"id": "st.154082025",
"linkid": "st.-andrew's-resources-for-seniors-system",
"type": "Breach",
"date": "12/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': '16,869',
'industry': 'Healthcare / Senior Services',
'location': 'Maine, USA',
'name': "St. Andrew's Resources for Seniors System",
'type': 'Non-Profit Organization'}],
'attack_vector': 'Unauthorized Access (Email Compromise)',
'data_breach': {'number_of_records_exposed': '16,869',
'personally_identifiable_information': ['Names',
'Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes SSNs)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2025-01-06',
'date_publicly_disclosed': '2025-02-07',
'description': 'The Maine Office of the Attorney General reported a data '
"breach involving St. Andrew's Resources for Seniors System. "
'The breach involved unauthorized access to employee email '
'accounts, potentially exposing the names and Social Security '
'numbers of 2 Maine residents. A total of 16,869 individuals '
'were affected by the incident.',
'impact': {'data_compromised': ['Names', 'Social Security Numbers'],
'identity_theft_risk': 'High (SSNs exposed)',
'systems_affected': ['Employee Email Accounts']},
'references': [{'date_accessed': '2025-02-07',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General'},
'response': {'communication_strategy': 'Public disclosure via Maine Office of '
'the Attorney General'},
'title': "Data Breach at St. Andrew's Resources for Seniors System",
'type': 'Data Breach'}