DOJ data on 341,000 people leaked in cyberattack on consulting firm

Medicare and other information belonging to 341,000 people was leaked after a consulting firm working with the Department of Justice was hacked.

Greylock McKinnon Associates reported a data breach to regulators in Maine on Friday, telling victims that personal information like Social Security numbers and more were accessed during an incident last May.

The company said it provides “litigation support services in civil litigation matters” and said those affected by the breach originally had information obtained by the U.S. Department of Justice “as part of a civil litigation matter.”

“We received your information in our provision of services to the DOJ in support of that matter. DOJ has advised us that you are not the subject of this investigation or the associated litigation matters. The DOJ informed GMA that this incident does not impact your current Medicare benefits or coverage,” the firm said. 

Names, dates of birth, addresses, Medicare Health Insurance Claim Numbers — which contains a Social Security number associated with a member — and some medical or health insurance information was accessed by the hackers.

Greylock McKinnon Associates said its IT team initially discovered the incident on May 30, 2023 but was only able to confirm who was affected in February. 

The consulting firm says it “deleted DOJ data from its systems after the incident.” The Justice Department did not respond to requests for comment about the particulars of the incident.