DOJ ‘not aware of any’ identity theft, fraud following consultant’s data breach

The Justice Department, which provided the Medicare information to Greylock McKinnon Associates as part of a civil litigation matter, was notified of the breach in May 2023, a DOJ spokesperson said.
Department of Justice Building Sign DOJ
(Getty Images)

A data breach that exposed Medicare information — including social security numbers — provided to consulting firm Greylock McKinnon Associates by the Justice Department doesn’t appear to have resulted in identity theft or fraud yet, according to a statement from the agency.

“While the Justice Department is not aware of any specific reports of identity theft or other fraud resulting from this incident, the Department has ensured that those impacted have been offered fraud resolution services and credit monitoring,” Wyn Hornbuckle, a DOJ spokesperson, said in an email to FedScoop. “The investigation of this matter is ongoing.”

The response from the DOJ follows a public disclosure of the Boston-based consulting firm’s  breach last week on the Office of the Maine Attorney General’s website. According to that disclosure, first reported by TechCrunch, Greylock McKinnon Associates experienced a cyberattack in May 2023 that likely compromised Medicare information of 341,650 people, including their social security numbers. 

That information was obtained by the Justice Department “as part of a civil litigation matter” and given to the firm, which provides litigation support, in its “provision of services to the DOJ in support of that matter,” according to a letter GMA sent to people affected by the incident.


In that letter, GMA said it “detected unusual activity on our internal network” last May and “promptly took steps to mitigate the incident.” The firm said it worked with a third-party cybersecurity specialist in its response, notified DOJ and law enforcement, and in February, received confirmation of who was affected and their contact information. 

Hornbuckle said the firm notified the DOJ of the breach in May, “after which the Department required that Greylock identify those affected and immediately began its own process to address the breach.”

GMA could not be reached for comment. 

Madison Alder

Written by Madison Alder

Madison Alder is a reporter for FedScoop in Washington, D.C., covering government technology. Her reporting has included tracking government uses of artificial intelligence and monitoring changes in federal contracting. She’s broadly interested in issues involving health, law, and data. Before joining FedScoop, Madison was a reporter at Bloomberg Law where she covered several beats, including the federal judiciary, health policy, and employee benefits. A west-coaster at heart, Madison is originally from Seattle and is a graduate of the Walter Cronkite School of Journalism and Mass Communication at Arizona State University.

Latest Podcasts