Major Data Breach at Greylock McKinnon Associates: 340,000 Social Security Numbers Stolen
Greylock McKinnon Associates, a U.S. consulting firm, has disclosed a data breach where hackers stole approximately 341,650 Social Security numbers. This breach was officially reported on Maine’s government website, where data breach notifications are posted.
Breach Details
The breach occurred due to a cyberattack in May 2023, with Greylock McKinnon Associates (GMA) promptly responding to mitigate the incident.
GMA, known for providing economic and litigation support to companies and U.S. government agencies, including the Department of Justice, found that personal information used in a civil litigation matter supported by GMA was compromised.
The individuals affected by this breach were notified by GMA through mail. They were informed that their personal and Medicare information, including names, dates of birth, home addresses, some medical information, health insurance information, and Medicare claim numbers (which included Social Security Numbers), were likely affected.
However, GMA assured that these individuals were not the subject of the investigation or associated litigation matters and that the cyberattack does not impact their current Medicare benefits or coverage.
Delay in Notification
There was a notable delay in determining the extent of the breach and notifying the victims, taking approximately nine months.
The reasons for this delay are not clear, and GMA, along with its outside legal counsel, has not immediately responded to requests for comments.
Response and Measures
Following the breach, GMA consulted with third-party cybersecurity specialists and notified law enforcement and the DOJ. They received confirmation of the affected individuals and obtained their contact addresses by February 2024.
This incident highlights the growing concerns over data security and the protection of sensitive personal information, especially in firms handling critical data for government agencies. The breach at Greylock McKinnon Associates serves as a reminder of the persistent threats in the digital landscape and the importance of robust cybersecurity measures.