On July 6, 2022, Midjit Market, Inc. (operating as Green Valley Grocery) suffered a data breach due to unauthorized access to an employee email account. The incident exposed sensitive information, with Social Security Numbers (SSNs) confirmed as compromised, affecting 2,916 individuals. The breach was disclosed to the Maine Office of the Attorney General on January 16, 2023, nearly six months after the initial intrusion, raising concerns about delayed detection or reporting. In response, the company offered credit monitoring services to impacted individuals to mitigate potential identity theft or financial fraud risks. The breach highlights vulnerabilities in email security protocols, particularly regarding phishing or credential compromise, which allowed attackers to access highly sensitive employee and customer-related data. The exposure of SSNs critical for identity verification poses long-term risks, including financial fraud, tax fraud, and unauthorized account openings. While no ransomware was involved, the breach underscores the need for stronger access controls, multi-factor authentication (MFA), and timely incident response to prevent prolonged exposure of personal data.
TPRM report: https://www.rankiteo.com/company/the-crawford-group-nevada
"id": "the410090725",
"linkid": "the-crawford-group-nevada",
"type": "Breach",
"date": "7/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 2916,
'industry': 'Retail',
'location': 'Maine, USA (inferred from reporting by '
'Maine Office of the Attorney General)',
'name': 'Midjit Market, Inc. dba Green Valley Grocery',
'type': 'Retail (Grocery)'}],
'attack_vector': 'Compromised Email Account',
'customer_advisories': ['Credit monitoring services offered to affected '
'individuals'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access implies '
'potential exfiltration)',
'number_of_records_exposed': 2916,
'personally_identifiable_information': ['Social Security '
'Numbers'],
'sensitivity_of_data': 'High (includes Social Security '
'Numbers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_detected': '2022-07-06',
'date_publicly_disclosed': '2023-01-16',
'description': 'The Maine Office of the Attorney General reported that Midjit '
'Market, Inc. dba Green Valley Grocery experienced a data '
'breach involving unauthorized access to an employee email '
'account on July 6, 2022. The breach potentially affected '
'2,916 individuals, with Social Security Numbers confirmed as '
'information compromised. Credit monitoring services were '
'offered to those affected.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive personal data',
'data_compromised': ['Social Security Numbers'],
'identity_theft_risk': 'High (SSNs compromised)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'investigation_status': 'Reported; credit monitoring offered (status of '
'deeper investigation unclear)',
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Reported to Maine '
'Office of the '
'Attorney General']},
'response': {'remediation_measures': ['Offered credit monitoring services to '
'affected individuals']},
'title': 'Green Valley Grocery Employee Email Account Data Breach',
'type': 'Data Breach (Unauthorized Access)'}