In August, a malicious actor successfully breached Constancy Investments’ systems, compromising the sensitive information of approximately 77,099 customers in Maine, as disclosed in a breach notification letter sent to affected individuals in October. 9.
The attacker failed to deposit funds into existing Constancy funding accounts. Notwithstanding this, the hacker successfully accessed private data, including sensitive information such as Social Security numbers and driver’s licenses, and proceeded to create two new customer accounts. When confronted with an attack, Constancy swiftly blocked the aggressor’s access point and offered affected customers a comprehensive credit score monitoring and identity restoration solution.
“We treat this incident and the security of your personal information with utmost seriousness,” the Constancy Investments Private Office wrote in a template notice drafted for Maine residents. “As previously noted, when this situation arose, we swiftly responded by halting the activity and addressing the issue.”
Parts of cyberattack stay unknown
Within the state of Maine, an assault occurred in August, specifically aligning with Constancy’s parameters. 17 and 19. As of this writing, Constancy remains tight-lipped about the details surrounding the breach, specifically how the attacker initially gained access and which account features enabled them to move undetected through the system.
The information gathered by a third-party entity linked to a limited group of our customers, according to Constancy.
Concurrently, Constancy implemented external security experts to aid in the probe, simultaneously securing the attacker’s entry point within the system. With an unyielding promptness, Constancy came into play. The corporation offers credit score monitoring and identity restoration services, potentially detecting unusual activity in the affected customers’ financial accounts.
Cyberattackers have targeted Constancy before. In March, Consistency announced that its clients’ sensitive information had been compromised in a ransomware attack. Hackers successfully breached Infosys McCamish Programs’ IT systems in November 2023, exploiting vulnerabilities to gain unauthorized access. The alleged October incident appears to have no discernible connection to the earlier reported sexual assault allegations.
Secure sensitive data within accounts by implementing robust protection measures. This includes setting strong passwords, enabling two-factor authentication, and configuring account settings to minimize potential security vulnerabilities. Additionally, regularly reviewing account activity and updating software or applications as needed helps to maintain a high level of security around accounts containing confidential information.
Constancy advises clients to closely monitor their personal accounts for any signs of fraudulent activity or suspicious transactions. Additionally, they direct clients to steps for placing a fraud alert and obtaining a credit report. Their suggestions embody:
- Regularly review your financial statements across various accounts.
- Monitor your credit score stories.
- Promptly report any suspicious transactions to your financial institution, local law enforcement, or the appropriate federal or state authority.
Upon request for comment, Constancy verified the accuracy of the information presented in the draft breach notification.
“After releasing assets to support their needs, we understand that our clients may have questions regarding the current situation,” said Consistency, according to a statement provided by Michael Aalto, Head of Company External Communications.” “Consistency proves its commitment to serving clients and protecting information with unwavering dedication.”