Hackers stole over 340,000 social security numbers from consulting firm
Hackers stole as many as 341,650 social security numbers through a data breach at Greylock McKinnon Associates (GMA), a Boston-based provider of economic and litigation consulting.
The data breach was disclosed on Friday on Maine’s government website. GMA also last week contacted affected parties about the breach.
The stolen information was compiled as part of a civil legal case involving the US Department of Justice, on which GMA was providing support. The DOJ sent GMA the information as part of the consulting engagement.
GMA said it detected a cyberattack in May 2023 and then promptly engaged third-party specialists and notified law enforcement and the DOJ. GMA received confirmation of which individuals’ information had been compromised and obtained their contact addresses on February 7, approximately eight months later.
The information may include name, date of birth, address, Medicare health insurance claim number (which includes a social security number), some medical information, and health insurance information.
GMA is offering affected parties 24 months of identity theft protection service and credit monitoring.
Hackers prioritize soft and “weak link” targets for sensitive information – including consulting firms and third-party vendors working with government agencies. It is generally easier to find holes in the cyber defenses of a boutique, lower-resourced consulting firm than at the Department of Justice.
Acuity, a federal IT consultancy, also announced last week that it had suffered a data breach. Hackers stole communications between the US and its Five Eyes intelligence partners from Acuity’s GitHub repositories, although the consultancy said the information was dated and non-sensitive.