The owner of CBS and Paramount National Amusements has confirmed a data breach that involved the exfiltration of mass amounts of personal data.
The media giant released information about the attack in a legally required document to the Maine attorney general, stating that 82,128 people were affected by the breach that spanned over three days in December 2022.
The data breach notification states that the information acquired by the threat actor includes financial accounts or credit/debit card numbers combined with security codes, access codes, passwords, and PINs.
Despite the attack occurring eight months prior, National Amusements claims to have only discovered the breach in August 2023.
Some media outlets speculate that compromised data may belong to employees at National Amusements, as the company's Senior Vice President of Human Resources submitted the data breach notification.
It’s unclear whether this information belonged to customers or users, as the media giant has chosen to remain silent on the matter. Furthermore, the nature of this cyberattack is also unknown.
This isn’t the first time National Amusements has faced a security breach of this type. According to another document filed with the Massachusetts attorney general, Paramount learned of a cyberattack between May and June 2023.
Threat actors seized information that “may have contained personal information,” including the “user’s name, date of birth, social security number, or other government-issued identification number such as driver’s license or passport number.”
After this attack, Paramount hired a “third-party cybersecurity expert and launched an investigation to determine the nature and scope of the issue” while offering identity protection and credit monitoring services for two years.
National Amusements may be deploying the same approach to its latest security breach, as the company has disclosed that identity theft protection services were offered to those impacted by the breach.
More from Cybernews:
Subscribe to our newsletter