Cyber Incident Victim: North Star Leasing

On December 12, 2022, North Star Leasing, a wholly-owned subsidiary of Peoples Bancorp, formally reported a data breach to the Massachusetts Office of Consumer Affairs and Business Regulation. The breach involved unauthorized access to electronically stored consumer information, potentially stemming from a cyberattack. The compromised data included sensitive customer details such as names, Social Security numbers, financial account numbers, and driver’s license numbers. North Star Leasing initiated an internal review of affected files upon discovering the exposure to determine the specific information accessed and the identities of impacted individuals. The scope of compromised data varied by consumer, with some individuals having multiple categories of personal and financial information exposed.

North Star Leasing mailed data breach notification letters to all affected customers on the same date as its regulatory filing, December 12, 2022. These letters informed recipients about the incident and provided guidance on protecting against identity theft and fraud. The company did not disclose technical details regarding the breach mechanism, attacker origins, or specific detection methods in its Massachusetts Attorney General filing. As an equipment financing division of Peoples Bank, North Star Leasing manages business equipment leasing across multiple industries, operating under a parent entity with $7 billion in assets and over 1,245 employees. The breach exposed financial and government-issued identification data critical to identity verification processes, elevating risks of fraudulent financial transactions for impacted customers. No information was provided regarding containment measures, forensic investigations, or system remediation efforts beyond the confirmation of data exposure and consumer notifications.