Thirty Madison, Inc. d/b/a Keeps and Keeps.com

The Maine Office of the Attorney General reported that Thirty Madison, Inc. d/b/a Keeps experienced a data breach due to a misconfiguration of its customer service software, which may have allowed inadvertent access to communications between customers from July 8, 2018, to July 31, 2020. The breach affected a total of 1,047 individuals, including one resident whose driver's license information was potentially exposed. The notification letter was sent on October 9, 2020, and identity theft protection services were offered.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/301688f4-f7b6-40d1-b542-0bdc342f29d4.shtml

TPRM report: https://www.rankiteo.com/company/the-company-you-keep-llc

"id": "the605072625",
"linkid": "the-company-you-keep-llc",
"type": "Breach",
"date": "7/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': 1047,
                        'industry': 'Healthcare',
                        'name': 'Thirty Madison, Inc. d/b/a Keeps',
                        'type': 'Company'}],
 'attack_vector': 'Misconfiguration',
 'customer_advisories': 'Identity theft protection services offered',
 'data_breach': {'number_of_records_exposed': 1047,
                 'personally_identifiable_information': "Driver's license "
                                                        'information',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Communications between '
                                              'customers',
                                              "Driver's license information"]},
 'date_publicly_disclosed': '2020-10-09',
 'description': 'The Maine Office of the Attorney General reported that Thirty '
                'Madison, Inc. d/b/a Keeps experienced a data breach due to a '
                'misconfiguration of its customer service software, which may '
                'have allowed inadvertent access to communications between '
                'customers from July 8, 2018, to July 31, 2020. The breach '
                'affected a total of 1,047 individuals, including one resident '
                "whose driver's license information was potentially exposed. "
                'The notification letter was sent on October 9, 2020, and '
                'identity theft protection services were offered.',
 'impact': {'data_compromised': ['Communications between customers',
                                 "Driver's license information"],
            'identity_theft_risk': 'High'},
 'post_incident_analysis': {'root_causes': 'Misconfiguration of customer '
                                           'service software'},
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
                                                       'Attorney General'},
 'response': {'communication_strategy': 'Notification letter sent to affected '
                                        'individuals'},
 'title': 'Thirty Madison, Inc. d/b/a Keeps Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Customer service software misconfiguration'}