Greylock McKinnon Associates data breach exposed DOJ data of 341650 people

Pierluigi Paganini April 08, 2024

Greylock McKinnon Associates, a service provider for the Department of Justice, suffered a data breach that exposed data of 341650 people.

Greylock McKinnon Associates (GMA) provides expert economic analysis and litigation support to a diverse group of domestic and international clients in the legal profession, the business community, and government agencies, including the Department of Justice (DoJ).

GMA disclosed a data breach that impacted medicare and other information belonging to 5465 people. Greylock McKinnon is investigating the data breach with the help of third-party cybersecurity specialists, they also notified law enforcement of the incident.

The data breach occurred on May 30, 2023, and was discovered on February 7, 2024. 

The company announced that it deleted DOJ data from its systems after the incident.

According to the data breach notification sent by Greylock McKinnon Associates to the Main Attorney General, the company was the victim of a sophisticated cyberattack.

“Greylock McKinnon Associates, Inc. (“GMA”) was the victim of a sophisticated cyberattack involving your personal information.” reads the data breach notification.

“On May 30, 2023, we detected unusual activity on our internal network, and we promptly took steps to mitigate the incident. We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024.”

The notification states that individuals affected by the incident originally had information obtained by the U.S. Department of Justice as part of a civil litigation matter.

The company received the information of the impacted individuals in their provision of services to the DOJ in support of that matter.

“DOJ has advised us that you are not the subject of this investigation or the associated litigation matters. The DOJ informed GMA that this incident does not impact your current Medicare benefits or coverage.” continues the notification.

Compromised data exposed personal and Medicare information of the individuals, including name, date of birth, address, Medicare Health Insurance Claim Number (which contains a Social Security number associated with a member) and some medical information and/or health insurance information.

The company is offering 24 months of free Cyberscout IdentityWorks identity theft protection and credit monitoring services to the impacted individuals.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)

you might also like

leave a comment