Greylock McKinnon Associates (GMA), a prominent U.S. consulting firm, disclosed a significant data breach affecting approximately 341,650 individuals. The breach, which occurred in May 2023, compromised personal and Medicare information, including Social Security numbers. Despite the severity of the breach, questions arose regarding GMA's nine-month delay in notifying victims. Efforts to obtain comments from GMA and their legal representatives were unsuccessful, leaving many unanswered questions. This breach highlights the ongoing threat of cybercrime and underscores the importance of robust cybersecurity measures.
Greylock McKinnon Associates (GMA), a U.S. consulting firm, recently revealed a significant data breach where hackers managed to steal approximately 341,650 Social Security numbers. This breach was brought to light last Friday through a notification posted on Maine's government website, which serves as a platform for sharing data breach alerts.
According to the breach notification sent out to impacted individuals, GMA disclosed that it fell victim to an unspecified cyberattack back in May 2023. The company asserted that immediate measures were taken to address and alleviate the incident.
Specializing in offering economic and litigation support to various entities, including U.S. government agencies like the Department of Justice, GMA's breach notice indicated that the compromised personal data was accessed as part of civil litigation proceedings supported by the firm.
Details regarding the exact nature and targets of the Department of Justice's civil litigation remain undisclosed. Despite attempts to seek clarification, a spokesperson for the Justice Department refrained from providing any comments.
GMA clarified that the individuals notified about the breach are not under investigation or associated with the ongoing litigation matters pursued by the DOJ. Additionally, the company assured that the cyberattack has no bearing on the affected individuals' current Medicare benefits or coverage.
The firm further stated that it engaged third-party cybersecurity experts to aid in responding to the incident promptly. Law enforcement and the Department of Justice were notified, and on February 7, 2024, GMA confirmed the identities of the individuals affected and obtained their contact information.
Victims were informed by GMA that their personal and Medicare data was probably compromised in this event. This encompasses various details such as names, dates of birth, residential addresses, certain medical records, health insurance particulars, and Medicare claim numbers, inclusive of Social Security numbers.
The reason behind GMA's nine-month delay in assessing the breach's magnitude and informing those affected remains ambiguous.
Requests for comments directed to GMA and the company's external legal advisor, Linn Freedman from Robinson & Cole LLP, were met with no immediate responses.
Comments 0