Cyber Incident Victim: eCapital Corp.
Date: Jul 2021
Location: United States of America
Summary
eCapital Corp. experienced unauthorized access to its computer network, compromising sensitive personal information including names, Social Security numbers, driver's license numbers, and passport numbers. The company secured its systems, modified security protocols, and engaged external cybersecurity experts to investigate the incident before identifying affected individuals and issuing breach notifications. The financial services provider delayed consumer notifications for an extended period following the breach discovery, citing internal review processes to determine compromised data scope and impacted parties.
Description
eCapital Corp., a Florida-based financial services company specializing in credit card processing and business financing, detected unauthorized access to its computer network on July 22, 2021. The breach compromised sensitive consumer information including names, Social Security numbers, driver's license numbers, and passport numbers. Upon discovery, the company implemented immediate containment measures by securing its network infrastructure and modifying existing data security protocols. eCapital engaged an external cybersecurity consulting firm to conduct a forensic investigation into the incident scope and attacker methodology. The subsequent review process examined all potentially affected files to identify compromised data types and determine impacted individuals across its client base serving trucking, staffing, manufacturing, and other industries.

The organization formally reported the breach to the Massachusetts Attorney General's office on August 8, 2022—over one year post-discovery—and initiated notification letters to affected consumers that same day. eCapital's delayed disclosure timeline raised questions about potential risks to consumers from prolonged exposure to identity theft threats. Possible explanations for the notification delay included the time-intensive data review process required to verify impacted individuals and data elements, as well as potential coordination with law enforcement investigations that sometimes request delayed public disclosure. The company maintained standard breach response procedures including network security enhancements and third-party forensic collaboration, though the extended timeline between intrusion detection and consumer notification exceeded typical industry practices for incidents involving highly sensitive personal identifiers. No specific threat actor details or data exploitation evidence were disclosed in regulatory filings.
