Cyber Incident Victim: Bald Head Island Limited

Bald Head Island Limited, LLC, a commercial entity based in Bald Head Island, North Carolina, experienced a cybersecurity incident involving an external system breach through hacking. The breach occurred on July 23 and 24, 2024, but was not discovered until November 7, 2024, indicating a nearly four-month gap between compromise and detection. Unauthorized actors accessed personal information, specifically acquiring individuals' names in combination with other personal identifiers, though the precise types of additional compromised data were not detailed in the notification. The breach impacted 5,574 individuals nationwide, including three residents of Maine. Due to the low number of affected Maine residents, the entity was not required to notify consumer reporting agencies under applicable thresholds.

Bald Head Island Limited initiated written notifications to all affected consumers on December 13, 2024, approximately five weeks after discovering the breach. The entity provided Maine residents with a copy of the notification letter, titled "BHIL_-_adult_notice_letter-_Proof.pdf," though the specific contents of the letter were not disclosed. As part of its response, Bald Head Island Limited offered impacted individuals 12 months of complimentary credit monitoring and identity protection services through TransUnion. No prior breach notifications involving the entity had been issued within the preceding 12 months. The incident was reported to regulatory authorities by the entity’s legal counsel, Michael Bonner of Cipriani & Werner, PC, who submitted the required documentation on behalf of Bald Head Island Limited.