National Amusements Inc., the parent company of Paramount and CBS, has suffered a data breach that affected some 82,000 people.

The data breach, disclosed via a Dec. 22 filing with the Office of the Maine Attorney General, occurred between Dec. 13 and Dec. 15, 2022, before being detected on Aug. 23 this year. In a letter sent to those affected, National Amusements describes the breach involving “suspicious activity” that resulted in unauthorized individuals accessing files containing information on individuals.

Information that may have been stolen included financial account numbers or credit and debit card numbers, in combination with security codes, access codes, passwords or PIN codes for the affected account. National Amusements said it started to inform those affected on Dec. 22, a year and week after the breach occurred.

The company is offering those affected complimentary credit services from Experian plc, a company that certainly has experience with data breaches, and is encouraging users to remain vigilant against incidents of identity theft by reviewing their account statements and monitoring credit reports.

The advice from National Amusements is standard: Users should monitor the account statements. But it would have been nice if they had been warned to do so a year ago, around the time the breach actually occurred, or, at the very least, soon after it was discovered in August.

The breach isn’t the first to affect the company this year. Paramount, also in a notice to the Office of the Maine Attorney General, advised of a breach on Aug. 11 that occurred between May and June of this year. It involved an authorized third party accessing certain files. In that hack, data access included names, dates of birth, Social Security numbers, driver’s license numbers and passport numbers.

Although National Amusements says it has no evidence of any identity theft or fraud related to the event, this is also a company that took eight months to detect the breach and then four more months to inform victims — actions that to do not inspire confidence in its cybersecurity competence.

Those affected should be aware that they may be targeted by phishing emails that exploit their stolen data to trick them into handing over more information.

Image: National Amusements