The Maine Office of the Attorney General disclosed a data breach affecting CRB Group, Inc. on August 21, 2024. The incident stemmed from an external system breach that occurred between December 25, 2023, and January 3, 2024, though it was only detected on May 29, 2024. The breach compromised the personal information of approximately 1,198 individuals, including 4 residents of Maine. While the exact nature of the exposed data was not detailed in the report, the scale and regulatory notification suggest the leak involved sensitive personal or employee-related information. The delayed discovery—nearly five months after the initial intrusion—highlights potential vulnerabilities in CRB Group’s cybersecurity monitoring and response protocols. The breach’s impact appears confined to data exposure rather than financial fraud, operational disruption, or ransomware demands, but the involvement of an external system compromise indicates a targeted or opportunistic cyber attack. As a regulated disclosure, the incident underscores compliance risks under data protection laws, though no immediate evidence suggests broader systemic damage to the company’s operations or reputation beyond the mandatory breach notification and affected individuals’ potential exposure to identity theft or phishing risks.