The California Office of the Attorney General disclosed a data breach at Taylor-Dunn Manufacturing in March 2018, initially detected on January 24, 2018. The incident stemmed from unauthorized access via cryptomining malware, which compromised sensitive customer data. Exposed information included names, addresses, phone numbers, email addresses, and customer care credentials (usernames and passwords). While the breach did not explicitly mention financial or highly sensitive data (e.g., Social Security numbers or medical records), the exposure of personal identifiers and login details poses risks of identity theft, phishing, or account takeover attacks. The breach highlights vulnerabilities in the company’s cybersecurity defenses, particularly against malware-based intrusions. Although no ransomware was involved, the leak of customer credentials could lead to downstream fraud or reputational harm. The incident underscores the need for robust access controls, malware detection, and customer notification protocols to mitigate post-breach risks. No evidence suggested the attack disrupted operations or targeted internal employee data, but the compromise of customer PII (Personally Identifiable Information) remains a critical concern.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-134513
TPRM report: https://www.rankiteo.com/company/taylor-dunn-de-m-xico-s.a.-de-c.v.
"id": "tay722090125",
"linkid": "taylor-dunn-de-m-xico-s.a.-de-c.v.",
"type": "Breach",
"date": "1/2018",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Industrial Vehicles',
'location': 'California, USA',
'name': 'Taylor-Dunn Manufacturing',
'type': 'Manufacturer'}],
'attack_vector': 'Cryptomining Malware',
'data_breach': {'data_exfiltration': 'Potential (unauthorized access '
'confirmed)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate to High (includes usernames '
'and passwords)',
'type_of_data_compromised': ['PII (Personally Identifiable '
'Information)',
'Authentication Credentials']},
'date_detected': '2018-01-24',
'date_publicly_disclosed': '2018-03-16',
'description': 'The California Office of the Attorney General reported a data '
'breach involving Taylor-Dunn Manufacturing on March 16, 2018. '
'The breach, identified on January 24, 2018, involved '
'unauthorized access through cryptomining malware potentially '
'exposing customer names, addresses, phone numbers, email '
'addresses, and customer care usernames and passwords.',
'impact': {'data_compromised': ['Customer names',
'Addresses',
'Phone numbers',
'Email addresses',
'Customer care usernames',
'Passwords'],
'identity_theft_risk': 'Potential (due to exposed PII)'},
'references': [{'date_accessed': '2018-03-16',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['California Data Breach '
'Notification Law '
'(likely)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Taylor-Dunn Manufacturing Data Breach (2018)',
'type': 'Data Breach'}