Cyber Incident Victim: Donlen Corporation
Date: Feb 2021
Location: United States of America
Summary
Donlen Corporation experienced a cybersecurity incident involving unauthorized access to its network, where an intruder removed files containing sensitive consumer data. The breach was detected following unusual system activity that impacted network accessibility, prompting the company to secure its systems and engage a third-party cybersecurity firm for investigation. While specific compromised data types were not publicly disclosed, regulatory reporting requirements suggest potential exposure of personally identifiable information such as Social Security numbers, financial details, or government-issued IDs. The Illinois-based fleet management firm completed its review of affected files and notified impacted individuals approximately five months after detecting the intrusion.
Description
On March 4, 2022, Donlen Corporation detected unusual activity affecting accessibility to certain systems within its computer network. The company immediately secured its systems and engaged a third-party cybersecurity firm to investigate the incident. The investigation determined that an unauthorized actor accessed portions of Donlen's network between February 24, 2021, and March 4, 2021, during which files containing sensitive consumer data were removed from the network. Donlen completed its review of compromised files on April 8, 2022, identifying affected individuals and the nature of exposed data. While the company did not publicly disclose specific data types involved, its breach notification to the Montana Attorney General's office indicated potential compromise of Social Security numbers, financial account information, driver's license numbers, or state identification numbers, as Montana law mandates reporting only for breaches involving these categories. Donlen initiated consumer notifications on August 29, 2022, approximately five months after detecting the incident and four months after completing its forensic review.

The breach impacted Donlen Corporation, a Bannockburn, Illinois-based fleet leasing and management company with 823 employees, $471 million annual revenue, and oversight of 165,000 leased vehicles. Unauthorized access persisted for nine days in early 2021 before detection occurred thirteen months later in March 2022. The delayed discovery timeline suggests potential security monitoring deficiencies, though the company's public filings did not specify detection methods or system vulnerabilities exploited. Data exfiltration occurred through file removal from corporate networks, with compromised information sufficiently sensitive to trigger Montana's breach notification requirements. The incident necessitated third-party forensic investigation, internal data mapping to identify affected consumers, and regulatory compliance measures across multiple jurisdictions. Consumer notifications outlined risks of fraud and identity theft but did not quantify the number of impacted individuals or provide specific remediation resources beyond standard breach disclosure protocols.
