US consulting firm Greylock McKinnon Associates disclosed a data breach in which hackers stole up to 341,650 social security numbers.
The data breach was disclosed on Friday at Maine Government Websitewhere the state publishes data breach notices.
In data breach notification mailed to affected victims;GMA said it was hit by an unspecified cyber attack in May 2023 and “immediately took steps to mitigate the incident.”
GMA provides financial and litigation support to US companies and government agencies, including the US Department of Justice, in civil litigation. According to its data breach notification, GMA told affected individuals that their personal information was “obtained by the US Department of Justice (“DOJ”) as part of a civil action” supported by GMA.
The reasons and goal of the DOJ civil action are not known. A spokesman for the Justice Department did not respond to a request for comment.
GMA said the people notified of the data breach “are not the subject of this investigation or related legal matters” and that the cyberattack “does not affect current Medicare benefits or coverage.”
“We consulted with third-party cybersecurity experts to assist in our response to the incident and notified law enforcement and the Department of Justice. We received confirmation of the affected individuals’ details and received their contact addresses on February 7, 2024,” the company wrote.
GMA told victims that “your personal and Medicare information was likely affected in this incident,” which includes names, dates of birth, home addresses, certain medical and health insurance information, and Medicare claim numbers, which included Nos. Social Security.
It is unclear why it took GMA nine months to determine the extent of the breach and notify victims.
GMA and the company’s outside legal counsel, Linn Freedman of Robinson & Cole LLP, did not immediately respond to a request for comment.
