On January 24, 2024, the Maine Office of the Attorney General reported a data breach involving Yesway. The breach occurred between May 29, 2023, and June 1, 2023, due to a vulnerability in the MOVEit file transfer program, affecting 1 resident whose Social Security number and name were compromised. Yesway provided identity theft protection services for two years following the incident.
TPRM report: https://www.rankiteo.com/company/yeswaystores
"id": "yes755080425",
"linkid": "yeswaystores",
"type": "Vulnerability",
"date": "5/2023",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"{'affected_entities': [{'customers_affected': 1,
'industry': 'Retail',
'name': 'Yesway',
'type': 'Company'}],
'attack_vector': 'Vulnerability Exploitation',
'data_breach': {'number_of_records_exposed': 1,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Social Security number',
'Name']},
'date_detected': '2024-01-24',
'date_publicly_disclosed': '2024-01-24',
'description': 'A data breach involving Yesway was reported by the Maine '
'Office of the Attorney General. The breach occurred due to a '
'vulnerability in the MOVEit file transfer program, affecting '
'1 resident whose Social Security number and name were '
'compromised.',
'impact': {'data_compromised': ['Social Security number', 'Name'],
'identity_theft_risk': 'High'},
'references': [{'date_accessed': '2024-01-24',
'source': 'Maine Office of the Attorney General'}],
'title': 'Yesway Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit file transfer program vulnerability'}