Totally Promotional

Totally Promotional, a promotional products company, suffered a data breach on its payment platform around **July 10, 2024**, which was detected on **September 13, 2024**. The incident involved **suspicious activity** that compromised **payment card information** of **39,024 individuals**, including **160 Maine residents**. The breach exposed sensitive financial data, potentially enabling fraudulent transactions or unauthorized access to customer payment details. Notifications were issued to affected parties on **October 16, 2024**, indicating a delay between discovery and disclosure. The breach highlights vulnerabilities in the company’s payment processing system, raising concerns over financial security and customer trust. While the exact method of intrusion remains undisclosed, the focus on payment card data suggests a targeted cyber attack aimed at financial exploitation.

Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/7bb4247e-a706-473f-b7ea-f7f3f74db595.html

TPRM report: https://www.rankiteo.com/company/totally-promotional

"id": "tot1007090725",
"linkid": "totally-promotional",
"type": "Cyber Attack",
"date": "11/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 39024,
                        'industry': 'Promotional Products',
                        'name': 'Totally Promotional',
                        'type': 'Business'}],
 'customer_advisories': 'Notification letters sent to affected individuals '
                        '(October 16, 2024)',
 'data_breach': {'data_exfiltration': 'Likely (suspicious activity detected)',
                 'number_of_records_exposed': 39024,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Payment card information']},
 'date_detected': '2024-09-13',
 'date_publicly_disclosed': '2024-10-16',
 'description': 'The Maine Office of the Attorney General reported that '
                'Totally Promotional experienced a data breach involving '
                'suspicious activity on its payment platform on or about July '
                '10, 2024. The breach, discovered on September 13, 2024, '
                'potentially affected the payment card information of 39,024 '
                'individuals, including 160 Maine residents, with the '
                'notification sent on October 16, 2024.',
 'impact': {'data_compromised': ['Payment card information'],
            'identity_theft_risk': 'Potential (payment card data exposed)',
            'payment_information_risk': 'High (39,024 records exposed)',
            'systems_affected': ['Payment platform']},
 'initial_access_broker': {'high_value_targets': ['Payment card data']},
 'investigation_status': 'Ongoing (as of October 2024)',
 'references': [{'source': 'Maine Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
                                                        'Attorney General']},
 'response': {'communication_strategy': 'Notification sent to affected '
                                        'individuals (October 16, 2024)'},
 'title': 'Totally Promotional Payment Platform Data Breach (July 2024)',
 'type': 'Data Breach'}

Totally Promotional

Instagram: Instagram Says There Was No Data Breach Over the Weekend

Fortinet: Cyber Security News ®’s Post

Truebit: At least $26 million in crypto stolen from Truebit platform as crypto crime landscape evolves