Greylock McKinnon Associates, a Boston consulting firm that provides support services in civil litigation matters, suffered a data breach that impacted 341,650 people.
The breach occurred May 30, 2023, it was discovered Feb. 7, and consumers were notified Friday (April 5), the company said in an April 5 data breach notification filed with the Office of the Maine Attorney General.
The data breach notification described the breach as “external system breach (hacking)” and said the hackers acquired people’s names or other personal identifiers in combination with Social Security numbers.
The Social Security numbers were contained in Medicare health insurance claim numbers, according to a consumer notification letter submitted along with the data breach notification.
The information accessed by the hackers had been obtained by the U.S. Department of Justice (DOJ) as part of a civil litigation matter and provided to Greylock McKinnon Associates as part of the firm’s services to the DOJ in support of that matter, per the letter.
“On May 30, 2023, we detected unusual activity on our internal network, and we promptly took steps to mitigate the incident,” the letter said. “We consulted with third-party cybersecurity specialists to assist with our response to the incident, and we notified law enforcement and the DOJ. We received confirmation of which individuals’ information was affected and obtained their contact addresses on February 7, 2024.”
This news comes on the heels of several other data breaches.
On March 30, AT&T said personal data of several million customers was leaked onto the dark web, including 7.6 million current AT&T account holders and 65.4 million former account holders.
The telecom giant said its investigation found that “AT&T data-specific fields” were part of the data set but that the company does not have evidence of unauthorized access to its systems. It’s not clear whether those fields originated from AT&T or one of its vendors.
On March 4, American Express notified customers of a data breach at a third-party service provider that is used by many merchants.
The unnamed service provider “experienced unauthorized access to its system,” and account information of some American Express card members may have been involved.