Cyber Incident Victim: Reiter Affiliated Companies
Date:
Jul 2022
Location:
United States of America
Summary
Reiter Affiliated Companies experienced a cyberattack resulting in unauthorized access to its computer network over a multi-day period, during which sensitive consumer data was stolen. The breach compromised names, Social Security numbers, and dates of birth for affected individuals. Following an investigation with external cybersecurity experts, the company confirmed the data theft and subsequently notified impacted parties via mailed letters. The incident rendered certain internal systems temporarily inaccessible before being contained.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Reiter Affiliated Companies, LLC discovered unauthorized access to its computer systems on July 4, 2022, when portions of its network became inaccessible, prompting an immediate cybersecurity investigation. The company engaged external experts who determined that an unauthorized actor infiltrated Reiter's network between June 25, 2022 and July 4, 2022, during which time the attacker exfiltrated files containing sensitive personal information. Following containment of the breach, forensic analysis confirmed the compromise of consumer data, specifically identifying names, Social Security numbers, and dates of birth as the stolen information categories. The investigation process involved comprehensive file reviews to determine both the scope of compromised data and the specific individuals impacted by the incident. Reiter formally reported the breach to the U.S. Department of Health and Human Services Office for Civil Rights on September 2, 2022, meeting regulatory disclosure requirements for incidents involving protected health information.
The confirmed impact involved unauthorized access to personally identifiable information that could enable identity theft or financial fraud against affected consumers. Reiter initiated victim notification procedures on September 2, 2022, dispatching individualized "Notice of Security Incident" letters to all persons whose data was compromised in the breach. These notifications explicitly detailed the specific data elements exposed for each recipient, including the combination of name, birthdate, and Social Security number that constituted the primary risk factors. The breach's consequences centered on potential misuse of stolen identifiers, with compromised Social Security numbers representing particularly high-value targets for fraudulent activities given their role in credit and identity verification systems. Reiter's public disclosure through its website and regulatory filings provided consistent timelines regarding the intrusion window, discovery date, and notification timeline without specifying the number of affected individuals or operational disruptions beyond system inaccessibility during the incident's discovery phase.