Cyber Incident Victim: Hubbard-Hall Inc.

Hubbard-Hall experienced an external system breach resulting from hacking activity on August 23, 2024. The intrusion remained undetected until December 12, 2024, when the organization discovered unauthorized access to systems containing personal information. The compromised data included individuals' names combined with other personal identifiers, though the specific additional data elements were not detailed in the notification. The breach impacted 327 individuals nationwide, including two residents of Maine. No evidence suggested the breach exceeded 1,000 Maine residents, eliminating the requirement to notify consumer reporting agencies under applicable thresholds. Hubbard-Hall engaged legal counsel from Constangy, Brooks, Smith & Prophete LLP to manage breach response obligations.

The organization initiated written notifications to affected individuals on December 24, 2024, twelve days after breach discovery and four months after the initial intrusion. Hubbard-Hall provided Maine residents with a copy of the notification labeled ELN-23404_Hubbard_Hall_AD_CM_r1prf.pdf as part of state compliance requirements. All impacted individuals received offers for 12 months of identity protection services through Kroll, encompassing credit monitoring, fraud consultation, and identity theft restoration support. No prior breach notifications had been issued by the entity within the preceding 12-month period. The incident represented a discrete cybersecurity event involving external threat actors, with remediation efforts focused on victim assistance rather than public disclosure of technical containment measures or system forensic details.