Enterprise Financial Group Data Breach Impacts 19,272 Individuals Nationwide

On July 15, 2024, automotive performance management company, Enterprise Financial Group, discovered a significant data breach affecting 19,272 individuals in the United States. This breach was particularly severe due to the nature of the data exposed and the method by which it was compromised.

The breach occurred when an unauthorized third party accessed and copied files from EFG's network on February 18, 2024. This was made possible by exploiting unknown vulnerabilities in a third-party VPN appliance, despite EFG's efforts to address and patch all reported vulnerabilities.

The investigation into the breach, conducted with the help of external cybersecurity experts, confirmed that the unauthorized access was limited to specific segments of their network.

The types of consumer information exposed in this breach are extensive and include:

• Full name
• Address
• Social Security Number
• Driver’s License Number
• Government-issued ID Number (e.g., passport, state ID card)
• Financial Information (e.g., account number, credit or debit card number)
• Medical Information
• Date of Birth
• Insurance Information

In Texas alone, 9,372 individuals were affected, while 29 individuals were impacted in Maine.

Upon discovering the breach, EFG took immediate action to investigate and contain the incident. They engaged external cybersecurity experts to assist in the process and applied all available patches to mitigate future risks.

As a precautionary measure, EFG replaced the compromised third-party VPN appliance. Although there is no evidence suggesting misuse of the exposed information, EFG has notified affected individuals and offered them complimentary credit monitoring and identity protection services through Equifax.

The breach was reported to the Maine Attorney General's office, the Texas Attorney General's office and the Massachusetts Attorney General's office.