Cyber Incident Victim: Tom James Company

Date: Aug 2022

Location: United States of America

Summary

Tom James Company experienced a ransomware attack compromising its computer network, leading to unauthorized access of sensitive consumer information. The incident involved stolen files containing names and Social Security numbers, affecting 8,656 individuals. The company secured its systems, conducted an investigation confirming the breach, and subsequently notified impacted parties. The Tennessee-based custom clothing retailer addressed the security event after an unauthorized actor claimed responsibility for the data theft.

Description

In August 2022, Tom James Company detected unusual activity within its computer network. Shortly after this discovery, an unauthorized actor contacted the organization, claiming to have stolen files from its systems. The company immediately secured its network and initiated an investigation to determine the nature and scope of the incident. The investigation confirmed the event was a ransomware attack that enabled threat actors to access specific files containing confidential consumer information. While the exact intrusion vector wasn't disclosed, the compromise resulted in unauthorized access to sensitive data stored on the company's network. Tom James conducted a thorough review of the affected files to identify both the compromised information types and the impacted individuals. The analysis revealed that attackers potentially accessed victims' names and Social Security numbers, though the specific data elements varied by individual. The incident remained contained to Tom James' corporate network, with no evidence suggesting third-party system compromises.

On February 17, 2023, Tom James Company filed formal breach notifications with the Attorneys General of Montana and Maine, disclosing that 8,656 individuals were affected. The same day, the organization began mailing individualized data breach notifications to all impacted consumers, detailing the exposed information specific to each recipient. According to regulatory filings, the attack's primary impact involved the potential exposure of personally identifiable information rather than operational system destruction or financial theft directly from company accounts. No ransomware payment details or specific attacker identities were disclosed in the public filings. The company's response focused on network security remediation and regulatory compliance, with no mention of credit monitoring services being offered to victims. The breach notification letters advised affected individuals to remain vigilant against potential fraud or identity theft stemming from the exposure of their Social Security numbers.
