Toshiba email compromise reveals Social Security numbers

The American subsidiary of Toshiba, Toshiba America Business Solutions (TABS), experienced an email compromise that allowed an unauthorized actor to access personal information and Social Security numbers.

TABS “identified and addressed suspicious activity within (its) email environment” and “immediately took steps to ensure (its) email tenant was secure,” the company states.

Based on its preliminary review of the incident, certain data elements were “potentially” viewed by an unauthorized actor.

The personal information involved includes:

  • Names
  • Social Security numbers

The full scope of the incident is unknown, as a notification letter uploaded to the Office of the Maine Attorney General doesn’t specify how many people were affected, apart from one Maine resident.

However, since TABS has also submitted information about the breach to the Massachusetts Office of Consumer Affairs and Business Regulation, the email compromise likely impacted multiple individuals across several US states.

Cybernews has reached out to Toshiba America Business Solutions for comment.

The breach lasted almost a year as the compromise occurred between April 2023 and March 2024 – the incident was only discovered in May 2024.

The incident was reported to law enforcement, and the investigation into the email compromise is ongoing, TABS said.

TABS has organized a complimentary two-year identity monitoring service for those affected by the incident.

Toshiba America Business Solutions is a subsidiary of Toshiba TEC corporation and is known for its office printing and retail solutions across the US and Latin America.

According to Zippia, TABS’ annual revenue is approximately $1.1 billion, and the company employs almost 4000 people.