Greylock Mckinnon Associates Reports Major Data Breach Affecting Over 340,000 Individuals
Greylock McKinnon Associates, a Boston consulting firm that provides support services in civil litigation, experienced a data breach that affected 341,650 individuals.
The incident happened on May 30, 2023, was found on February 7, and consumers were contacted on Friday (April 5), according to the company’s data breach notification filed with the Office of the Maine Attorney General.
The data breach notification identified the incident as a “external system breach (hacking)” in which hackers obtained people’s names or other personal identifiers in conjunction with Social Security numbers.
According to a consumer notice letter submitted alongside the data breach report, Social Security numbers were included in Medicare health insurance claim numbers.
According to the letter, the information accessed by the hackers was collected by the United States Department of Justice (DOJ) as part of a civil litigation action and delivered to Greylock McKinnon Associates as part of the firm’s support services to the DOJ.
“On May 30, 2023, we detected unusual activity on our internal network, and we promptly took steps to mitigate the incident,” the letter went on to say. “We collaborated with third-party cybersecurity experts to help with our reaction to the event, and we informed law enforcement and the DOJ. On February 7, 2024, we received confirmation of whose persons’ information had been impacted and obtained their contact information.
This development follows several other data breaches.
On March 30, AT&T announced that personal information for several million customers, including 7.6 million current AT&T account users and 65.4 million past account holders, had been released to the dark web.
The telecom giant stated that its inquiry revealed that “AT&T data-specific fields” were included in the data dump, but that there is no proof of unlawful access to its systems. It’s unclear if those fields came from AT&T or one of its vendors.
On March 4, American Express informed customers about a data breach at a third-party service provider utilized by numerous businesses.
The unnamed service provider “experienced unauthorized access to its system,” and account information for some American Express cardholders may have been compromised.