Highlights:

  • In a communication addressed to those impacted, National Amusements outlines the breach, characterizing it as involving “suspicious activity” that led to unauthorized individuals gaining access to personal information files.
  • While National Amusements asserts that there is no evidence of identity theft or fraud linked to the incident, the fact that it took eight months to detect the breach and an additional four months to notify victims does not instill confidence in the company’s cybersecurity capabilities.

National Amusements Inc., the parent company overseeing Paramount and CBS, experienced a data breach impacting approximately 82,000 individuals.

The data breach, revealed in a filing with the Office of the Maine Attorney General on December 22, transpired between December 13 and December 15, 2022, before being identified on August 23 of the current year. In a communication addressed to those impacted, National Amusements outlines the breach, characterizing it as involving “suspicious activity” that led to unauthorized individuals gaining access to personal information files.

The compromised information potentially includes financial account numbers or credit and debit card numbers, security codes, access codes, passwords, or PIN codes associated with the affected accounts. National Amusements began notifying those affected on December 22, precisely one year and a week after the breach.

The company provides those impacted with complimentary credit services from Experian plc, with notable experience handling data breaches. Additionally, users are encouraged to stay vigilant against potential incidents of identity theft by regularly reviewing their account statements and monitoring their credit reports.

National Amusements’ guidance is standard: Users can monitor their account statements. However, it would have been preferable if users had been alerted to monitor their account statements around a year ago, roughly when the breach occurred, or at the very least, shortly after its discovery in August.

This breach is not the first to impact the company this year. In a notice to the Office of the Maine Attorney General, Paramount reported a breach on August 11 that transpired between May and June of this year. The incident entailed an authorized third party gaining access to specific files. In this breach, the compromised data included names, Social Security numbers, dates of birth, driver’s license numbers, and passport numbers.

While National Amusements asserts that there is no evidence of identity theft or fraud linked to the incident, the fact that it took eight months to detect the breach and an additional four months to notify victims does not instill confidence in the company’s cybersecurity capabilities.

Individuals affected should remain vigilant, as they might become targets of phishing emails leveraging their stolen data to deceive them into divulging additional information.