Cyber Incident Victim: OBI Seafoods, LLC

On August 16, 2024, OBI Seafoods, LLC discovered an external system breach involving unauthorized access to its network through hacking activity. The Seattle-based seafood company determined the breach occurred four days earlier on August 12, 2024, compromising personal information belonging to 19,014 individuals across multiple jurisdictions, including seven Maine residents. The compromised data included names combined with at least one other personal identifier, though the specific categories of exposed data beyond this combination were not detailed in the breach notification. OBI Seafoods engaged legal counsel from Troutman Pepper Locke, LLP to manage breach disclosure requirements, with attorney Karla Ballesteros serving as the designated contact for regulatory communications. The company did not disclose technical details regarding the intrusion methods, duration of unauthorized access, or specific information systems affected beyond characterizing it as an external system compromise.

OBI Seafoods implemented substitute notification procedures to inform affected individuals, issuing consumer notices on March 12, 2025 – approximately seven months after breach discovery. The delayed notification timeline was not explained in the filing. Impacted parties received access to 24 months of complimentary credit monitoring and identity protection services through Experian, specifically covering individuals whose Social Security Numbers, Taxpayer IDs, Driver's Licenses, or State Identification Numbers were potentially exposed. The company confirmed this was its first breach notification within the preceding 12-month period. No details were provided regarding containment measures, forensic investigation findings, law enforcement involvement, or operational disruptions resulting from the incident. The Maine Attorney General's office published the notification letter template submitted by OBI Seafoods as part of its consumer protection disclosure requirements.