Cyber Incident Victim: Carriage Purchaser, Inc.

On February 20, 2024, Carriage Purchaser, Inc., operating as PS Logistics, experienced an external system breach involving unauthorized hacking activity. The breach compromised personal identifiers combined with names, though the specific data elements were not detailed in the notification. PS Logistics, a commercial entity based at 1927 1st Avenue North in Birmingham, Alabama, discovered the incident on December 16, 2024—nearly ten months after the breach occurred. The attack impacted 21 Maine residents, though the total number of affected individuals across all jurisdictions remained unspecified. Attorney Blair Dawson of McDonald Hopkins, PLC, acting as the entity’s legal representative, submitted the breach disclosure to Maine authorities. PS Logistics initiated written notifications to affected consumers on December 19, 2024, three days after discovering the breach. A redacted copy of the consumer notice was filed with Maine’s Attorney General, though its contents were not publicly disclosed.

The breach triggered PS Logistics to offer identity theft protection services through provider Epiq for a duration of 12 months to affected individuals. No prior breach notifications involving the entity had been reported within the preceding twelve-month period. The incident did not meet Maine’s threshold for mandatory reporting to consumer reporting agencies, as the number of impacted residents fell below 1,000. PS Logistics did not disclose technical details about the attack vector, containment measures, or operational disruptions resulting from the breach. The entity’s public disclosure remained limited to the minimum requirements under Maine’s data breach notification laws, with no supplementary statements or mitigation timelines provided.