GMA’s Data Breach Compromises 341,650 Social Security Numbersand Other Personal Details
- A government consulting firm Greylock McKinnon Associates (GMA) was attacked by hackers. 341,650 social security numbers have been stolen.
- Law enforcement authorities and the DOJ have already been notified. GMA also sent an email notifying the affected users.
- GMO is seeking help from cybersecurity experts to minimize the damage.
After the AT&T data breach, US citizens have been hit by another storm. On Friday (April 5, 2024), Maine's government website posted a notification announcing that the U.S. consulting firm Greylock McKinnon Associates (GMA) has been attacked by hackers, and as a result, 341,650 social security numbers have been stolen.
GMA said that the breach first came to light in May 2023 and the company soon took necessary steps to mitigate the damage. However, it wasn't until February 2024 that they could identify the affected users and send them an email notifying them about the attack. Why it took them so many months remains a big question.
In the email, the company has specified details of the attack including a list of information that has been stolen. This includes the victim's name, date of birth, phone numbers, health insurance records, medical information, Medicare claim number, and of course, their social security number.Although the company has assured that the affected users' current Medicare coverage won't be affected, it's tough to put a finger on what the attackers are capable of.
Read more: Microsoft Azure's largest data breach in history shocks the cybersecurity world.
Why is the GMA data breach a massive concern?Every single data breach is concerning-people's personal details being stolen and sold online is a disturbing matter, regardless of the context. However, GMA's role as a company makes matters more complicated.
GMA provides economic and litigation support to many companies and US agencies, including the Department of Justice (DOJ). This means that the stolen information will not only affect users on a personal level but might also interfere with ongoing legal proceedings and organizational trust.We don't know how effective it will be, but the company has removed all DOJ data from its system after the attack.On a side note, the company clarified that the personal details of a few people that were obtained by the DOJ were a part of a civil litigation matter." The DOJ didn't take any information by unfair means. It was also clarified that the users who were targeted in the hack are not the subject of this investigation or the associated litigation matters."
So, why their details were stolen, who is behind the attack, and how it links to the litigation are all huge question marks as of now.
What happens now?GMA has assured that it has taken outside help from cybersecurity experts to handle the situation. Other necessary law enforcement departments, including the DOJ, have been notified about the incident.It seems the company is handling the situation well, but post-attack efforts mean nothing to the victims. They have raised questions about the company's security and crisis management protocols. The delay in the investigation (considering the attack happened in May 203) has also irked many.
To appease the unhappy customers, GMA has decided to offer them free access to Single Bureau Credit Monitoring/Single Bureau Credit Report/Single Bureau Credit Score services. By enrolling for these services, the users will get notification whenever there's a change to their credit file for 24 months. Detailed instructions on how they can enroll for these services have been added to the email.
GMA, the DOJ, and Linn Freedman of Robinson & Cole LLP (GMA's outside legal counsel) have not responded to any requests for comment yet.
The post GMA's Data Breach Compromises 341,650 Social Security Numbersand Other Personal Details appeared first on The Tech Report.