Cyber Incident Victim: Legacy Supply Chain Services
Date:
Aug 2022
Location:
United States of America
Summary
Legacy Supply Chain Services experienced a data breach when an unauthorized party accessed its IT network, compromising sensitive consumer information including names and Social Security numbers. The intrusion began five days prior to detection, affecting 11,972 individuals, with breach notifications distributed after confirmation. The third-party logistics provider secured its systems and initiated an investigation upon discovering the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Legacy Supply Chain Services, Inc. confirmed a data breach on September 1, 2022, after discovering unauthorized access to its IT network around August 10, 2022. The investigation determined the intrusion began five days prior to detection on August 5, 2022, exposing a segment of the network containing sensitive consumer data. Upon identifying the breach, Legacy immediately secured its systems and initiated a forensic investigation to assess the scope. The review of compromised files revealed unauthorized access to names and Social Security numbers, with the total impacted population confirmed as 11,972 individuals. Legacy Supply Chain completed its analysis of affected data and notified all victims through mailed data breach letters on September 1, 2022. The company did not disclose technical specifics regarding the attack vector or duration of network access beyond the five-day gap between intrusion and detection. No operational disruptions or system downtime were reported in connection with the incident.
The breach exclusively compromised personally identifiable information, with no mention of financial data, medical records, or corporate intellectual property being accessed. As a third-party logistics provider operating 35 North American facilities, Legacy manages warehousing, distribution, and transportation services for clients, handling sensitive employee or customer data as part of its operations. The compromised Social Security numbers create significant identity theft risks for victims, prompting Legacy to issue standard breach notifications advising protective measures. The company’s annual revenue of $457 million and workforce of 1,400 employees indicate substantial infrastructure supporting its supply chain operations, though the breach investigation did not reveal systemic security failures or specific negligence claims. Legacy’s public disclosure through Maine’s Attorney General office provided regulatory confirmation of the incident timeline and victim count without elaborating on containment methodologies beyond initial system lockdowns and forensic reviews.