Cyber Incident Victim: Killer Instinct

Killer Instinct, a company specializing in modern crossbow sales through physical stores and an online platform, experienced a data breach between October 12 and October 28, 2022. An unauthorized individual gained access to email accounts used by at least one company employee during this 16-day period. The company discovered the intrusion and initiated an investigation to determine the scope and impact. Forensic analysis confirmed the unauthorized access occurred but could not establish whether specific emails or attachments within the compromised accounts were viewed or exfiltrated by the threat actor. The breach exposed sensitive financial information belonging to over 800 users, including combinations of financial account numbers, credit/debit card numbers, and associated security credentials such as access codes, passwords, or PINs.

Killer Instinct filed a breach notification with the Maine Attorney General’s Office detailing the incident's parameters and affected data types. The company secured the compromised email accounts upon discovery and implemented measures to assess potential vulnerabilities across its systems. As remediation, Killer Instinct offered affected individuals 12 months of complimentary credit monitoring services through Experian. The notification advised consumers to monitor financial accounts, review credit reports for suspicious activity, and remain vigilant against identity theft or fraud attempts. No evidence suggested broader system compromise beyond the targeted email accounts, though the investigation could not definitively rule out data acquisition due to the nature of the email account access.