Cyber Incident Victim: Datasite LLC
Date:
May 2023
Location:
United States of America
Summary
Datasite LLC experienced a data breach caused by a service provider compromise, impacting 827 individuals including two Maine residents. The incident resulted in the acquisition of personal information, specifically names in combination with Social Security Numbers. The company offered affected individuals 24 months of credit monitoring, call center support, identity theft assistance, and insurance through Experian.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On May 31, 2023, Datasite LLC, a commercial entity based at 733 Marquette Ave in Minneapolis, MN, discovered a security incident. The company determined that the breach had occurred on the previous day, May 30, 2023. The incident was characterized as a service provider breach, indicating that the compromise did not occur within Datasite's own internal systems directly but rather through one of its external vendors or partners. The specific service provider involved was not named in the official notification submitted to the Maine Attorney General's office.
The breach resulted in the unauthorized acquisition of personal information. The type of information acquired was identified as a name or other personal identifier in combination with the individual's Social Security Number. This specific combination of data is highly sensitive and is considered personally identifiable information that can be used for fraudulent purposes, including identity theft. The total number of individuals affected by this incident was 827 people. Among this group, two were identified as residents of the state of Maine.
The discovery of the breach prompted an immediate response from Datasite. The company's Senior Attorney and Compliance Counsel, Brenda Willette Anderson, was designated as the point of contact for the incident and was responsible for submitting the required breach notification to the authorities. The company undertook an investigation to determine the scope and impact of the event, confirming the number of affected individuals and the specific types of data that were compromised.
In response to the incident, Datasite arranged for identity theft protection services to be offered to all affected individuals. The company engaged Experian to provide these services. The protection package included 24 months of comprehensive credit monitoring services. This service is designed to alert consumers to changes in their credit files that could indicate fraudulent activity. Additionally, the offered services included access to a dedicated call center for support, identity theft assistance to help victims resolve issues, and identity theft insurance coverage to provide financial reimbursement for certain costs associated with restoring one's identity.
The method of notification to consumers was conducted through written correspondence. Datasite planned to formally notify all 827 affected persons by mail. The date scheduled for this consumer notification was June 23, 2023, which was approximately three weeks after the breach was discovered. A copy of the sample notice intended for Maine residents was filed with the state's reporting office under the reference `EXPERIAN_J6061_Datasite LLC_L01_SAS_2 Sample.pdf`. The company confirmed that it had not experienced any other breach notifications within the twelve months preceding this incident. The breach was reported to the Maine Attorney General as required by state law due to the involvement of two Maine residents, and the report was published through the state's online data breach notification portal.