A major data breach at Greylock McKinnon Associates (GMA), a U.S. consulting firm that works with government agencies, has compromised the Social Security numbers of over 340,000 individuals. The breach, which occurred in May 2023, remained undisclosed until recently.
According to a notification on Maine’s government website, affected individuals included those whose personal information was obtained by the Department of Justice (DOJ) for a civil litigation matter supported by GMA.
The exact cause of the breach and the target of the DOJ litigation are unknown. The Justice Department has not responded to inquiries. GMA assures those notified that they are not under investigation and their Medicare benefits remain unaffected.
The firm claims to have involved cybersecurity experts, notified law enforcement and the DOJ, and only recently confirmed the affected individuals and obtained their contact information. The notification details that exposed data likely includes names, dates of birth, addresses, some medical and health insurance information, and Medicare claim numbers, including Social Security numbers. Questions remain regarding the nine-month delay in notifying victims after the breach as GMA and its legal counsel have not yet responded to requests for comment.
Philips Babatunde