Cyber Incident Victim: Pinnacle Propane

The Pinnacle Propane data breach began with unauthorized access to the company's computer network between November 28, 2022, and December 6, 2022. Pinnacle discovered the intrusion on December 4, 2022, prompting immediate containment measures including system security reinforcement. The company notified law enforcement authorities and engaged third-party cybersecurity specialists to investigate the incident's scope and origin. Forensic analysis confirmed that the unauthorized actor accessed files containing sensitive consumer information during the intrusion window. The compromised data included names and Social Security numbers, though the specific number of affected individuals was not disclosed in regulatory filings. Pinnacle completed its internal review of impacted files in early 2023 to identify compromised records and affected consumers.

On April 28, 2023, Pinnacle Propane submitted a formal breach notification to the Montana Attorney General and initiated mailing data breach letters to impacted individuals. The notification process occurred nearly five months after intrusion detection, reflecting the duration required for forensic investigation and data review. As a Texas-based propane distributor serving nine U.S. states, the breach exposed customers to potential identity theft and financial fraud risks due to the sensitivity of leaked Social Security information. Parent company SHV Energy, a Dutch multinational corporation with $11.5 billion annual revenue, oversaw breach response through its subsidiary. Pinnacle's incident response followed standard protocols including system containment, law enforcement coordination, external forensic analysis, and regulatory compliance with state notification requirements. The breach affected both residential and commercial customers of the propane distribution services operated since 2010.