Business services company Morley was victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000 individuals.
Morley Companies is a United States corporation that provides business services to Fortune 500 and Global 100 clients; contact centers and back office processing; meetings and incentives management; and exhibits and displays production.
In letters sent to impacted individuals, the company said that the ransomware infection was discovered in August 2021. The investigation conducted with the help of independent cybersecurity experts, revealed that threat actors stole the personal information of 521,046 individuals, including employees, contractors, and clients.
“As a result, Morley learned that additional data may have been obtained from its digital environment. Morley thereafter began collecting contact information needed to provide notice to potentially affected individuals, which was completed in early 2022.” reads security incident notification sent by the company. “Morley is not aware of any evidence indicating the misuse of any information potentially involved in this incident.”
Stolen data may include: name, address, Social Security number, date of birth, client identification number, medical diagnostic and treatment information, and health insurance information.
Morley is offering individuals whose SSNs have been exposed 24 months of free credit and identity monitoring services via IDX.
“Special programming was required and unique processes had to be built in order to begin analyzing the data. The data complexity also required special processes to search for and identify key information,” reads a notification filed with Maine’s Office of the Attorney General. “This process was lengthy but necessary to ensure appropriate notification occurred. On January 18, 2022, it was confirmed that your information was involved. Importantly, Morley Companies is not aware of any misuse of your personal information due to this incident.”
(SecurityAffairs – hacking, Morley)