Hackers Breach Government Consulting Firm, Steal 340,000 Social Security Numbers

Cyber Attack

Consulting Firm Greylock McKinnon Associates (GMA) Discloses Data Breach, 341,650 Social Security Numbers Compromised

Greylock McKinnon Associates (GMA), a U.S. consulting firm providing economic and litigation support to companies and government agencies, including the U.S. Department of Justice (DOJ), has disclosed a significant data breach. The breach, affecting up to 341,650 individuals, was reported on Maine’s government website, where data breach notifications are posted.

According to GMA's breach notice sent to affected individuals, the cyberattack occurred in May 2023, prompting the firm to take immediate steps to mitigate the incident. The breached data, including Social Security numbers, was obtained by the DOJ as part of a civil litigation matter supported by GMA. The details of the DOJ's investigation and targets remain undisclosed, and requests for comment from a Justice Department spokesperson have gone unanswered.

GMA clarified that affected individuals are not the subjects of the DOJ investigation or associated litigation matters, and the breach does not impact current Medicare benefits or coverage.

The firm engaged third-party cybersecurity specialists to aid in the incident response, notified law enforcement and the DOJ, and confirmed the affected individuals and their contact information by February 7, 2024.

The compromised personal information includes names, dates of birth, addresses, medical information, health insurance details, and Medicare claim numbers containing Social Security numbers.

Despite the breach occurring in May 2023, GMA took nine months to determine the breach's full extent and notify affected individuals. Neither GMA nor their legal counsel, Linn Freedman of Robinson & Cole LLP, have responded to requests for comment on the matter.