Korchmar, The Leather Specialty Company, is a leather accessory store based in Florida. It provides luxury and business consumers with handmade goods like briefcases, canvas rolls, and laptop sleeves. Korchmar also works with a third-party manager, referred to by the company as “MSP”; MSP recently had a cybersecurity incident involving Korchmar consumers.
Korchmar purportedly discovered suspicious activity after an unauthorized party accessed the systems through MSP. Like other service and developer-sided breaches, little else is public about how the attack was possible. MSP could have suffered from a system vulnerability similar to the MOVEit breach earlier this year.
The Korchmar breach notice describes the attack as happening on April 2nd, 2023. The notice suggests the company discovered the assailant a day later and began cybersecurity continuity processes. However, the breach notice filed with the Maine Attorney General’s office suggests the breach was undiscovered until October 3rd, 2023.
The victims of Korchmar’s breach are likely their consumers; in response, Korchmar offers temporary safeguards. Their consumer notice suggests those with information at risk should consider financial and credit monitoring services.
There are no references to how many files the breach may have impacted. MSP’s and Korchmar’s systems may be largely secure if the attackers were after consumer details. If you are one of those who received a Korchmar breach notice, take steps to safeguard your data.