In a shocking revelation, Greylock McKinnon Associates (GMA), a prominent U.S. consulting firm, has announced a data breach in which hackers gained access to a staggering number of Social Security numbers. The breach was disclosed on Friday on Maine's government website, which serves as a platform for data breach notifications.

According to the data breach notice sent by GMA to affected victims, the cyberattack occurred in May 2023. The firm claims to have promptly taken steps to mitigate the incident. GMA specializes in providing economic and litigation support to various companies and government entities, including the U.S. Department of Justice (DOJ) in civil litigation matters.

Shedding light on the nature of the breach, the notice states that the personal information of affected individuals was obtained by the DOJ as part of an undisclosed civil litigation matter supported by GMA. However, the specific reasons and target of the DOJ's litigation remain unknown, as the department's spokesperson declined to comment.

GMA emphasizes that the individuals affected by the breach are not the subject of the ongoing investigation or associated litigation matters and reassures them that their current Medicare benefits or coverage remain unaffected. It further highlights that third-party cybersecurity specialists were consulted to aid in the response to the incident, and law enforcement and the DOJ were promptly notified.

The compromised personal information includes names, dates of birth, home addresses, some medical information and health insurance details, as well as Medicare claim numbers, which notably include the vulnerable Social Security Numbers. GMA has confirmed that as many as 341,650 Social Security numbers were stolen in the breach.

One concerning aspect of this incident is the prolonged nine-month delay in determining the full extent of the breach and notifying the affected victims. The reasons behind this delay remain unclear. Requests for comments from GMA and their outside legal counsel, Linn Freedman of Robinson & Cole LLP, have yet to be answered.

As the affected individuals grapple with the potential consequences of this extensive data breach, the spotlight intensifies on GMA's cybersecurity practices and the need for swift action in rectifying vulnerabilities to prevent similar incidents in the future.