
Cyber Incident Victim: Ancora Holdings Group

Date: May 2022

Location: United States of America

Summary

Ancora Holdings Group experienced a data breach involving unauthorized access to an employee's email account over a month-long period, compromising individuals' names and Social Security numbers. The company detected the intrusion, secured the affected account, and engaged cybersecurity specialists to investigate, later confirming that sensitive consumer data was exposed. After reviewing impacted files, the firm notified affected parties, acknowledging that the stolen information could enable identity theft, fraudulent financial activities, or unauthorized account openings. The breach was reported to regulatory authorities, with the compromised data posing significant risks due to the sensitive nature of Social Security numbers.


Description

On August 25, 2022, Ancora Holdings Group, Inc. reported a data breach to the Office of the Attorney General of Montana involving unauthorized access to an employee’s email account. The company detected suspicious activity within the account on June 17, 2022, prompting immediate securing of the compromised email system and initiation of a third-party cybersecurity investigation. Forensic analysis determined that an unauthorized actor first accessed the account on May 16, 2022, maintaining persistent access for approximately one month until detection. During this period, the intruder potentially viewed emails and attachments containing sensitive consumer information. Ancora completed its comprehensive review of affected files on August 23, 2022, confirming that exposed data included individuals’ names and Social Security numbers, though the specific compromised elements varied per victim. The firm formally notified all impacted parties through data breach letters distributed on August 25, 2022, exactly 33 days after discovering the intrusion and 70 days after the initial compromise.

The breach exposed personally identifiable information that could enable multiple forms of financial fraud, including identity theft and unauthorized financial transactions. Compromised Social Security numbers create risks of fraudulent credit applications, illicit loan acquisitions, and unauthorized utility account openings, as attackers could combine stolen SSNs with publicly available personal details. Additional documented threats include tax refund interception through fraudulent IRS filings, a method historically accounting for significant identity theft cases according to Federal Trade Commission data. Ancora’s investigation did not disclose the exact number of affected individuals but confirmed the breach impacted customers whose data resided in the compromised email system. As a financial services firm managing $8.4 billion in assets and serving institutional clients, the incident implicated sensitive consumer data handled during routine operations. The company’s response included engagement of cybersecurity specialists for forensic analysis, a 67-day file review process to identify compromised information, and regulatory compliance through Montana Attorney General notifications. No evidence suggested misuse of stolen data prior to the August 2022 disclosure, though the extended access period created substantial exposure windows for potential exploitation.
