Hackers recently stole hundreds of thousands of social security numbers from an American consulting firm, with victims across the US possibly affected.
Greylock McKinnon Associates (GMA) has filed a new report with the Office of the Maine Attorney General, and sent a breach notification email to affected individuals.
In its filing, the company said that 341,650 individuals have had their sensitive data, and Social Security Numbers (SSN), stolen by unidentified threat actors.
Identities unknown
In the letter, seen by TechCrunch, GMA told the victims that it fell prey to a “sophisticated cyberattack” in May last year. In the attack, the threat actors stole people’s names, birth dates, addresses, and Medicare Health Insurance Claim Numbers, which also contained Social Security Numbers associated with a member.
Furthermore, “some” medical information and/or health insurance information was also stolen. While the attack did happen almost a year ago, it was in early February that GMA was notified that it had resulted in the theft of sensitive, personal data. It is unclear why GMA took so long to conclude its investigation of the breach.
GMA is a consulting firm providing litigation support services in civil litigation matters. The data it held was obtained by the U.S. Department of Justice (DoJ) as part of a civil litigation matter, and then passed over to the company. “We received your information in our provision of services to the DOJ in support of that matter,” GMA said in the letter. “DOJ has advised us that you are not the subject of this investigation or the associated litigation matters. The DOJ informed GMA that this incident does not impact your current Medicare benefits or coverage.”
The identity of the attackers, or their motives, remain unknown. No threat actors have assumed responsibility for the attack just yet. It is also no known if the data was grabbed from a specific litigation process.