The Quest Group

The Quest Group suffered a data breach on August 17, 2022, attributed to external system hacking by unidentified threat actors. The incident exposed sensitive personal information, including Social Security numbers (SSNs), affecting 474 individuals, among them at least one Maine resident. The compromised data poses a significant risk of identity theft and financial fraud for the victims. The company confirmed the breach and initiated notifications, dispatching letters to the affected Maine resident on October 7, 2022, nearly two months post-incident. As a remedial measure, The Quest Group offered identity theft protection services to mitigate potential harm. The delay in disclosure and the nature of the exposed data SSNs being high-value targets for cybercriminals heighten concerns over long-term repercussions for the victims, including unauthorized credit applications, tax fraud, or other malicious activities leveraging stolen identities. The breach underscores vulnerabilities in the company’s cybersecurity defenses, particularly against external intrusion attempts, and raises questions about the adequacy of their incident response protocols in safeguarding sensitive customer data.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/e05e9235-6dc3-4ee2-bdd6-70fcb05b7edd.shtml

TPRM report: https://www.rankiteo.com/company/the-quest-group

"id": "the214082125",
"linkid": "the-quest-group",
"type": "Breach",
"date": "8/2022",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 474,
                        'name': 'The Quest Group',
                        'type': 'Organization'}],
 'attack_vector': 'External System Hacking',
 'customer_advisories': 'Identity theft protection services offered to '
                        'affected individuals',
 'data_breach': {'number_of_records_exposed': 474,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers']},
 'date_detected': '2022-08-17',
 'description': "The Maine Attorney General's Office reported that The Quest "
                'Group experienced a data breach on August 17, 2022, affecting '
                '474 individuals, including one resident of Maine. The breach '
                'was caused by external system hacking, compromising Social '
                'Security numbers. Affected individuals were notified on '
                'October 7, 2022, and offered identity theft protection '
                'services.',
 'impact': {'data_compromised': ['Social Security numbers'],
            'identity_theft_risk': 'High (Social Security numbers exposed)'},
 'references': [{'source': "Maine Attorney General's Office"}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Attorney '
                                                        "General's Office"]},
 'response': {'communication_strategy': 'Notification letters sent to affected '
                                        'individuals (October 7, 2022)'},
 'title': 'The Quest Group Data Breach (2022)',
 'type': 'Data Breach'}

The Quest Group

Pax8: Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners

Kaiser Permanente: Kaiser Permanente reaches $46 million settlement over data breach — how to file your claim

Grubhub: Grubhub confirms hackers stole data in recent security breach