The California Office of the Attorney General disclosed a data breach at WideOrbit LLC, stemming from a phishing attack on July 1, 2020. Unauthorized access was gained to an employee’s email account, exposing personal information of current and former employees, contractors, and their dependents. The breach was reported over a year later, on July 30, 2021, though the exact number of affected individuals remains undisclosed. The compromised data likely included sensitive employee details, such as names, contact information, and potentially financial or tax-related records, given the nature of the attack. The delay in detection and reporting further exacerbated risks, leaving affected parties vulnerable to identity theft, fraud, or other malicious activities. The incident underscores the persistent threat of phishing as a gateway for broader data compromise, particularly when employee credentials are targeted.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-543399
TPRM report: https://www.rankiteo.com/company/wideorbit
"id": "wid559091725",
"linkid": "wideorbit",
"type": "Breach",
"date": "7/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'No (Employees, Contractors, and '
'Dependents Affected)',
'industry': 'Media & Advertising Technology',
'location': 'California, USA',
'name': 'WideOrbit LLC',
'type': 'Private Company'}],
'attack_vector': 'Phishing Email',
'data_breach': {'data_exfiltration': 'Likely (Unauthorized Access to Email '
'Account)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (Personal Information of '
'Employees, Contractors, and '
'Dependents)',
'type_of_data_compromised': ['Personal Information']},
'date_detected': '2020-07-01',
'date_publicly_disclosed': '2021-07-30',
'description': 'The California Office of the Attorney General reported that '
'WideOrbit LLC experienced a data breach involving '
"unauthorized access to an employee's email account, resulting "
'from a phishing email incident on July 1, 2020. The breach '
'was reported on July 30, 2021, affecting personal information '
'of current and former employees, contractors, and their '
'dependents, although the exact number of individuals affected '
'is unknown.',
'impact': {'data_compromised': ['Personal Information of Employees, '
'Contractors, and Dependents'],
'identity_theft_risk': 'Potential (Personal Information Exposed)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Phishing Email (Employee Email '
'Account)',
'high_value_targets': ['Employee Email Account']},
'investigation_status': 'Reported (2021-07-30)',
'post_incident_analysis': {'root_causes': ['Phishing Attack Leading to '
'Unauthorized Email Access']},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential Violation of '
'California Consumer '
'Privacy Act (CCPA) or '
'Other State Data '
'Protection Laws'],
'regulatory_notifications': ['Reported to '
'California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public Disclosure via California '
'Office of the Attorney General'},
'title': 'WideOrbit LLC Email Account Data Breach (2020)',
'type': 'Data Breach (Phishing)',
'vulnerability_exploited': 'Human Error (Phishing Susceptibility)'}