Hackers Steal 340,000 Social Security Numbers from Government Consulting Firm

U.S. consulting firm Greylock McKinnon Associates (GMA) has reported a data breach in which hackers accessed up to 341,650 Social Security numbers. The breach was disclosed on Friday through a notification on Maine’s government website, where data breach notifications are posted.

According to the breach notice sent to affected individuals, GMA was targeted by an unspecified cyberattack in May 2023 and took immediate steps to mitigate the incident. GMA provides economic and litigation support to companies and U.S. government agencies, including the U.S. Department of Justice, for civil litigation purposes. The personal information compromised in the breach was obtained by the U.S. Department of Justice as part of a civil litigation matter supported by GMA. The specific details and targets of the DOJ’s civil litigation are currently unknown.

Affected individuals were assured in the notification that they are not the subject of the investigation or associated litigation matters, and that the cyberattack does not impact their current Medicare benefits or coverage. GMA stated that it consulted with third-party cybersecurity specialists to manage the incident response, notified law enforcement and the DOJ, and confirmed the affected individuals’ information on February 7, 2024.

The compromised personal and Medicare information includes names, dates of birth, home addresses, some medical information and health insurance details, and Medicare claim numbers, which also encompass Social Security numbers.

It remains unclear why it took GMA nine months to assess the breach’s extent and notify the victims. Both GMA and the firm’s external legal counsel, Linn Freedman of Robinson & Cole LLP, have not yet responded to requests for comment.