On August 13, 2012, the John Stewart Company experienced an inadvertent disclosure of personal information, exposing sensitive data of unspecified individuals. The breach involved the compromise of names, Social Security numbers, and birth dates highly sensitive details that could facilitate identity theft or fraud. The company responded by deleting the affected emails and offering one year of identity theft protection via LifeLock to mitigate potential harm. While the exact number of impacted individuals was not disclosed, the nature of the exposed data (SSNs and birth dates) significantly elevates the risk of long-term financial and reputational damage for those affected. The incident highlights vulnerabilities in data handling practices, particularly in securing personally identifiable information (PII) against unintended exposure.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-32684
TPRM report: https://www.rankiteo.com/company/the-john-stewart-company
"id": "the023090625",
"linkid": "the-john-stewart-company",
"type": "Breach",
"date": "8/2012",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unspecified',
'location': 'California, USA',
'name': 'John Stewart Company',
'type': 'Company'}],
'customer_advisories': ['Offer of one year of identity theft protection via '
'LifeLock'],
'data_breach': {'file_types_exposed': ['Emails'],
'personally_identifiable_information': ['names',
'social security '
'numbers',
'birth dates'],
'sensitivity_of_data': 'High (SSNs, birth dates)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2012-08-13',
'date_publicly_disclosed': '2012-08-13',
'description': 'The California Office of the Attorney General reported that '
'the John Stewart Company experienced an inadvertent '
'disclosure of personal information on August 13, 2012, '
'affecting unspecified individuals. The compromised '
'information included names, social security numbers, and '
'birth dates. The company has taken steps to delete the emails '
'and is offering one year of identity theft protection via '
'LifeLock.',
'impact': {'brand_reputation_impact': 'Potential (due to exposure of '
'sensitive PII)',
'data_compromised': ['names',
'social security numbers',
'birth dates'],
'identity_theft_risk': 'High (PII exposed)'},
'motivation': 'Unintentional (Human Error)',
'post_incident_analysis': {'corrective_actions': ['Deletion of exposed emails',
'Provision of identity '
'theft protection to '
'affected individuals'],
'root_causes': 'Inadvertent disclosure (likely '
'human error in email handling)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'containment_measures': ['Deletion of emails containing exposed '
'PII'],
'remediation_measures': ['Offering one year of identity theft '
'protection via LifeLock'],
'third_party_assistance': 'LifeLock (identity theft protection '
'provider)'},
'title': 'Inadvertent Disclosure of Personal Information at John Stewart '
'Company',
'type': 'Data Breach (Inadvertent Disclosure)'}