Cyber Incident Victim: Pear Tree Advisors

On May 31, 2023, Pear Tree Advisors, Inc. experienced an external system breach. The incident, identified as a hacking event, was discovered on the same day it occurred. The breach resulted in the unauthorized acquisition of personal information belonging to a total of 6,792 individuals. Among those affected, 26 were identified as residents of the State of Maine. The compromised data consisted of names or other personal identifiers in combination with Social Security Numbers, a combination that poses a significant risk of identity theft and financial fraud to the impacted individuals.

The entity involved, Pear Tree Advisors, Inc., is categorized as an Other Commercial organization. Its physical address is 55 Old Bedford Rd in Lincoln, Massachusetts, with the zip code 01773. The breach notification was submitted to the Maine Attorney General's office by outside counsel, Peter Guffin of the law firm Pierce Atwood LLP. Mr. Guffin's contact information, including telephone number 2077911199 and email address [email protected], was provided as part of the official filing. This indicates that the organization engaged external legal expertise to manage the breach notification process in compliance with state regulations.

In response to the incident, Pear Tree Advisors, Inc. opted to provide written notification to all affected consumers. The notifications were dispatched on July 7, 2023, which was over a month after the breach was discovered and occurred. This delay between discovery and notification is a standard part of the incident response process, allowing the organization to conduct a thorough investigation to determine the full scope of the compromise and to prepare accurate and comprehensive communications for those impacted. A copy of the notice sent to the affected Maine residents was filed with the state authorities under the reference "EXPERIAN_Job42179d07_PearTreeAdvisors_SAS_2(16203667.1).pdf".

As a remedial measure to protect the victims of the breach, Pear Tree Advisors, Inc. offered identity theft protection services to all affected individuals. The service provider selected was Experian IdentityWorks. The offered protection includes a comprehensive suite of features designed to mitigate the risk of identity theft and assist victims should it occur. These features encompass daily online access to credit reports, enabling individuals to monitor for any suspicious or unauthorized activity in near real-time. The service also includes ongoing credit monitoring, which alerts individuals to changes in their credit files that could indicate fraud. Furthermore, identity-restoration assistance is provided to help individuals navigate the process of recovering their identity and repairing their credit in the event of theft. The offering is backed by a $1 million identity theft insurance policy, which can cover certain expenses incurred as a result of identity theft. The duration of these protection services was set for 24 months, providing two years of continuous monitoring and support for the impacted individuals. The organization confirmed that no previous breach notifications had been issued within the 12 months preceding this incident. The specific details regarding the attack vector, the nature of the external systems breached, or the identity of the threat actors were not disclosed in the public notification. The response focused on the impact to individuals and the measures taken to safeguard their personal information following the security event.