Cyber Incident Victim: PULAU Corporation

Between June 11 and June 29, 2020, PULAU Corporation, a defense supplier, experienced unauthorized access to portions of its network. The intrusion was detected through an internal investigation, which determined that an external party exfiltrated employment-related records containing sensitive personal information. The compromised data included employee names, contact details, dates of birth, and government-issued identification numbers such as Social Security numbers, passport details, military IDs, tax IDs, and driver's license information. Financial account specifics like bank account and payment card details were also accessed, along with online account credentials (usernames and passwords) and health-related information encompassing health insurance records. The investigation confirmed that not every affected individual had all categories of information exposed, indicating selective data access or extraction during the breach window.

PULAU Corporation initiated employee notifications on August 31, 2020, disclosing the incident’s scope and the types of compromised data. The company referenced its formal notification letter, publicly available through the California Attorney General’s office, as the primary communication channel for affected individuals. As a remedial measure, PULAU offered impacted employees two years of complimentary identity restoration services and credit monitoring to address potential fraud risks stemming from the exposure of sensitive identifiers. No operational disruptions or system outages were reported in connection with the incident. The organization’s response focused exclusively on mitigating consumer harm through credit protection services, with no disclosed details regarding network containment procedures, forensic methodology, or attacker attribution.