The Maine Office of the Attorney General disclosed that Toyo Tanso suffered an external system breach (hacking) between May 24–25, 2021, compromising the personal data of 1,092 individuals, including at least one Maine resident whose Social Security number (SSN) may have been accessed. The breach was detected, and affected individuals were notified via letters on October 20, 2021, nearly five months after the incident. As a remedial measure, Toyo Tanso offered one year of identity theft protection services through Experian to mitigate potential risks like fraud or unauthorized use of exposed data. The breach primarily involved personally identifiable information (PII), with the SSN being a high-value target for cybercriminals. While the exact method of infiltration (e.g., phishing, exploit of a vulnerability) was not specified, the delay in notification could exacerbate risks such as identity theft or financial fraud for the victims. The company’s response included proactive monitoring but did not disclose whether the attackers exfiltrated the data for malicious purposes beyond potential access. The incident highlights vulnerabilities in Toyo Tanso’s cybersecurity defenses, particularly in safeguarding sensitive employee or customer data from external threats.
TPRM report: https://www.rankiteo.com/company/toyo-tanso-co-ltd
"id": "toy239082125",
"linkid": "toyo-tanso-co-ltd",
"type": "Breach",
"date": "5/2021",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,092 individuals',
'name': 'Toyo Tanso',
'type': 'Company'}],
'attack_vector': 'Hacking/External System Breach',
'customer_advisories': 'Notification letters sent (October 20, 2021) with '
'offer of one year of identity theft protection via '
'Experian',
'data_breach': {'number_of_records_exposed': '1,092',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (includes Social Security '
'numbers)',
'type_of_data_compromised': ['Personal Information',
'Social Security Numbers']},
'date_publicly_disclosed': '2021-10-20',
'description': 'The Maine Office of the Attorney General reported that Toyo '
'Tanso experienced an external system breach (hacking) between '
'May 24-25, 2021, potentially affecting 1,092 individuals, '
'including one Maine resident whose Social Security number may '
'have been accessed. Notification letters were sent to '
'affected individuals on October 20, 2021, and identity theft '
'protection services were offered through Experian for one '
'year.',
'impact': {'data_compromised': ['Personal Information',
'Social Security Numbers (for at least one '
'individual)'],
'identity_theft_risk': 'High (Social Security numbers potentially '
'accessed)'},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': 'Notification letters sent to affected '
'individuals (October 20, 2021)',
'third_party_assistance': ['Experian (identity theft protection '
'services)']},
'title': 'Toyo Tanso External System Breach (2021)',
'type': 'Data Breach'}