Five organizations have disclosed data breaches to the Maine Attorney General’s Office in a single day. Because it imposes stringent reporting requirements on such incidents affecting its residents, the US state serves as a useful bellwether for monitoring the frequency of cyberattacks.
The five entities disclosing data breaches on May 17th were Village Bank, food company Sysco Corporation, Collins Electrical Construction, Kline & Specter legal firm, and cancer treatment researcher Puma Biotechnology.
Between them, the five cyberattacks affected nearly 150,000 people across the US. However, theoretically, there could be some overlap in cases of victims unlucky enough to fall foul of two or more separate breaches.
Of these, only a fraction of victims actually reside in Maine, meaning the impact of the breaches could be felt across the country.
By far the worst hit was Sysco. It reported 126,243 victims who had their names and other personally identifying information (PII), including Social Security numbers, exposed in what the firm described as “a cybersecurity event perpetrated by a threat actor believed to have begun on January 14th, 2023.”
As is all too often the case with system infiltrations, this one was not discovered by the target organization until March 5th.
Second worst hit was Kline & Specter, which saw the same kind of data pertaining to 16,096 clients exposed to cybercriminals behind what it described as a March 13th “ransomware attack in which some personal data may have been copied.”
The law firm added that after conducting a “thorough investigation” up to April 27th, it could not “conclusively” rule out the possibility of data theft.
In terms of the number of victims affected, Village Bank (3,324), Puma Biotechnology (1,933), and Collins Electrical (567) got off relatively lightly, although all three stressed, along with Sysco and Kline, that they were taking the attacks seriously.
All affected organizations but Kline have offered victims compensation in the form of free cybersecurity, credit monitoring, or identity protection services.
Kline, for its part, said in a letter of notification to victims that it had “no evidence that this information has been used in any way, including for identity theft.”
However, despite such reassurances, it is worth noting that cybercriminals do not always immediately put stolen PII to such use, meaning Kline’s clients could still be at risk in the long term.
It added: “Although the risk of data breaches cannot be eliminated altogether, we are undertaking a top-down review to determine what more we can reasonably do to minimize risk moving forward.”
Affected firms are urging their customers to take precautionary measures such as freezing their credit score to prevent agencies from releasing such information without due consent, and reviewing financial account statements regularly to monitor for any suspicious transactions.
More from Cybernews:
Streamers canceling popular shows: cruel, unfair, but money always wins
US employee steals secret tech for Chinese gov program
AI is threat to future of humanity, say 61% Americans
Tesla Bot walks slowly but surely forward in new video
Sysco data breach exposed over 126k Social Security numbers
Subscribe to our newsletter
Your email address will not be published. Required fields are markedmarked