
Cyber Incident Victim: Epic Management LLC

Date: Dec 2022

Location: United States of America

Summary

Epic Management LLC experienced unauthorized access to its email system, compromising sensitive data including names, dates of birth, Social Security numbers, health insurance and medical details, financial account information, biometric data, and payment card information. The breach affected over 10,500 individuals, prompting the organization to offer credit monitoring and identity theft protection services to those with exposed Social Security numbers. Security enhancements were implemented to prevent future incidents following the completion of a complex review of impacted files.


Description

Epic Management LLC experienced a cybersecurity incident involving unauthorized access to its digital environment, specifically targeting files and data within its email system. The breach timeline was not publicly disclosed, but the organization emphasized the complexity and duration of its forensic review, which concluded on December 9, 2022. The compromised email system contained extensive sensitive information, including first and last names, dates of birth, Social Security numbers, health insurance details, medical records, driver’s licenses, passport numbers, financial account and routing numbers, biometric data, usernames with passwords, and payment card numbers with expiration dates and security codes. This breadth of exposed data created significant risks for identity theft, financial fraud, and medical privacy violations. The incident impacted over 10,500 individuals, though an exact total was not specified. Epic Management did not describe the intrusion method or duration of unauthorized access prior to detection.


In response, Epic Management implemented credit monitoring and identity theft protection services for individuals whose Social Security numbers were exposed. The company stated it had updated its cyber environment with unspecified security enhancements to prevent future incidents. Notification letters were distributed following the December 9 review completion, though the specific notification date was not provided. No information was disclosed regarding containment measures during the investigation, law enforcement involvement, or evidence of data misuse. The organizational focus remained on completing the forensic review, notifying affected parties, and implementing technical improvements to its security infrastructure as corrective actions.
