Cyber Incident Victim: Sunland Asphalt and Construction
Date: Aug 2022
Location: United States of America
Summary
A cybersecurity incident at Sunland Asphalt and Construction involved unauthorized access to its network, compromising sensitive personal information of 7,884 individuals. The breach exposed names, dates of birth, Social Security numbers, financial and medical details, passport and driver’s license numbers, payment card data, health insurance information, electronic signatures, and login credentials. The company detected suspicious activity, secured its systems, and initiated an investigation with third-party specialists, confirming the unauthorized access period. Affected individuals were notified through data breach letters, and the company reported the incident to regulatory authorities. The Arizona-based construction firm, operating across multiple states, provides asphalt and concrete services and maintains significant annual revenue and workforce.
Description
Sunland Asphalt and Construction, LLC detected suspicious activity within its computer network on August 29, 2022, prompting immediate network security measures. The company engaged third-party cybersecurity specialists to investigate the incident, which revealed unauthorized access to files containing sensitive consumer information between August 27 and August 29, 2022. The breach window spanned three days before detection, during which the attacker compromised systems storing personal data. Sunland completed its forensic review to identify the scope of impacted information and affected individuals, confirming the exposure of multiple categories of confidential data.

The compromised information included names, dates of birth, financial account details, Social Security numbers, passport numbers, driver's license numbers, payment card information, medical records, health insurance details, electronic signatures, and username-password combinations. On March 17, 2023, Sunland formally reported the breach to the Maine Attorney General, disclosing that 7,884 individuals were affected. The company simultaneously began sending direct notification letters to impacted consumers and published a Notice of Privacy Incident on its corporate website.

Founded in 1979 and headquartered in Phoenix, Arizona, Sunland operates across five southwestern states with 397 employees and $278 million in annual revenue, providing asphalt and concrete construction services.

The breach exposed vulnerabilities in Sunland's data storage systems containing extensive consumer PII and sensitive financial and health information. No additional attacker motives, methods, or post-breach fraudulent activities were detailed in the regulatory filing or public notice.
