In a recent disclosure, Greylock McKinnon Associates (GMA), a prominent US consulting firm, revealed a major data breach affecting as many as 340,000 Social Security numbers. The breach, which occurred over nine months ago, was officially reported on Maine’s government website, as per the state’s data breach notification requirements.
GMA first detected the breach in February but only recently made it public, stating that hackers had accessed a vast trove of sensitive data. The firm, known for providing economic and litigation services to various companies and US government agencies, including the Department of Justice (DOJ), did not specify the exact nature of the cyberattack but assured that it took immediate steps to contain the incident.
In their data breach notice, GMA mentioned that they had engaged third-party cybersecurity experts to manage the aftermath of the breach and had also informed law enforcement agencies and the DOJ. The compromised information included names, dates of birth, addresses, Medicare Health Insurance Claim numbers (which often contain Social Security numbers), and other medical or health insurance details.
Interestingly, GMA noted that the compromised personal information had previously been obtained by the DOJ in a civil litigation matter. However, the firm assured that the affected individuals were not targets of the investigation. GMA also confirmed that the cyberattack did not impact the current Medicare benefits or coverage of the affected individuals.
Despite the breach occurring several months ago, GMA explained that the delay in disclosure was due to the time needed to verify the identities of the affected individuals. The firm emphasized its commitment to data security and stated that it had promptly deleted all DOJ-related data from its systems following the incident.
The breach at Greylock McKinnon Associates underscores the growing threat of cyberattacks targeting sensitive personal information. It serves as a reminder for organizations to remain vigilant and proactive in safeguarding data from malicious actors. GMA’s response, including engaging cybersecurity experts and cooperating with law enforcement, sets a precedent for handling such incidents with transparency and accountability.
