Over 500,000 people were impacted by a ransomware attack that hit Morley

Business services firm Morley was hit by a ransomware attack that may have exposed data of +500,000 individuals.

Business services company Morley was victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000 individuals.

Morley Companies is a United States corporation that provides business services to Fortune 500 and Global 100 clients; contact centers and back office processing; meetings and incentives management; and exhibits and displays production.

In letters sent to impacted individuals, the company said that the ransomware infection was discovered in August 2021. The investigation conducted with the help of independent cybersecurity experts, revealed that threat actors stole the personal information of 521,046 individuals, including employees, contractors, and clients.

“As a result, Morley learned that additional data may have been obtained from its digital environment. Morley thereafter began collecting contact information needed to provide notice to potentially affected individuals, which was completed in early 2022.” reads security incident notification sent by the company. “Morley is not aware of any evidence indicating the misuse of any information potentially involved in this incident.”

Stolen data may include: name, address, Social Security number, date of birth, client identification number, medical diagnostic and treatment information, and health insurance information.

Morley is offering individuals whose SSNs have been exposed 24 months of free credit and identity monitoring services via IDX.

“Special programming was required and unique processes had to be built in order to begin analyzing the data. The data complexity also required special processes to search for and identify key information,” reads a notification filed with Maine’s Office of the Attorney General. “This process was lengthy but necessary to ensure appropriate notification occurred. On January 18, 2022, it was confirmed that your information was involved. Importantly, Morley Companies is not aware of any misuse of your personal information due to this incident.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Morley)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.