Cyber Incident Victim: SLT Lending SPV, Inc.

SLT Lending SPV, Inc., operating as the retail company Sur La Table, experienced a data security incident in March 2023 involving unauthorized access to its computer systems. The company detected unusual activity within its network and launched an investigation with the assistance of a cybersecurity firm. Subsequent forensic analysis confirmed that an unauthorized third party accessed specific folders on company devices over an eleven-day period between March 15, 2023, and March 25, 2023. During this breach window, the intruder obtained files containing sensitive employee information, though the company's systems were not fully compromised. Sur La Table contained the threat upon detection and initiated a comprehensive review of the affected files to determine the scope and nature of the exposed data.

The investigation revealed that compromised files contained confidential employee information including names, driver's license numbers, state identification numbers, and medical or health-related data. The breach did not impact customer information and appeared limited to employee records. Sur La Table completed its review of affected individuals by May 2023 and formally reported the incident to the Maine Attorney General's office on May 24, 2023. On that same date, the company commenced mailing individualized data breach notifications to all affected employees, advising them of the specific information exposed in their cases. The publicly disclosed filing indicated the breach potentially impacted the company's workforce of approximately 1,426 employees across its 50 U.S. retail locations, though the exact number of confirmed victims was not specified in regulatory documents. There was no evidence suggesting misuse of the exposed data prior to notification, and the company did not disclose whether ransomware or extortion attempts were involved in the incident.