The Maine Office of the Attorney General disclosed a data breach at Verso Financial, operated by Kevin Grunawalt, where an unauthorized party gained access to an employee’s email account between October 2023 and February 2024. The incident, reported on September 24, 2024, impacted two Maine residents, exposing their personal information. While the exact nature of the compromised data was not detailed, the breach prompted Verso Financial to offer 12 months of identity theft protection services through Epiq Global, including Equifax credit monitoring, to mitigate potential risks like fraud or identity theft. The breach highlights vulnerabilities in email security protocols, raising concerns over internal data protection measures and the potential for broader exploitation if similar accounts were compromised. The limited scope of affected individuals suggests targeted access, though the prolonged exposure window increases the likelihood of undetected data misuse during that period.
TPRM report: https://www.rankiteo.com/company/verso-financial
"id": "ver1022090725",
"linkid": "verso-financial",
"type": "Breach",
"date": "10/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 2,
'industry': 'Financial',
'location': 'Maine, USA',
'name': 'Verso Financial (Kevin Grunawalt d/b/a)',
'type': 'Financial Services'}],
'attack_vector': 'Compromised Employee Email Account',
'customer_advisories': ['Notification letters to affected individuals'],
'data_breach': {'data_exfiltration': 'Likely (unauthorized access implies '
'potential exfiltration)',
'number_of_records_exposed': 2,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII)',
'type_of_data_compromised': 'Personal Information'},
'date_publicly_disclosed': '2024-09-24',
'description': 'The Maine Office of the Attorney General reported that Kevin '
'Grunawalt d/b/a Verso Financial notified affected individuals '
'of a data breach involving unauthorized access to an employee '
'email account. The breach occurred between October 2023 and '
'February 2024, affecting 2 residents in Maine, and included '
'potential exposure of personal information. Identity theft '
'protection services were offered for 12 months through Epiq '
'Global, including Equifax credit monitoring.',
'impact': {'brand_reputation_impact': 'Potential (due to data exposure)',
'data_compromised': ['Personal Information'],
'identity_theft_risk': 'High (personal information exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'investigation_status': 'Disclosed (notification issued)',
'post_incident_analysis': {'corrective_actions': ['Offered identity theft '
'protection services']},
'references': [{'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Maine Office of the '
'Attorney General']},
'response': {'communication_strategy': ['Notification to affected individuals '
'via Maine AG'],
'incident_response_plan_activated': 'Likely (notification '
'issued)',
'recovery_measures': ['12-month identity theft protection '
'services for affected individuals'],
'third_party_assistance': ['Epiq Global (identity theft '
'protection)',
'Equifax (credit monitoring)']},
'title': 'Verso Financial Data Breach via Unauthorized Email Access',
'type': 'Data Breach (Unauthorized Access)'}