The personal information of 521,000 people may have been exposed in a data breach at a business services company based in Saginaw, Michigan.
Cyber-criminals targeted Morley Companies last year in an attack detected on August 1, when data in the company’s care suddenly became unavailable.
On Friday, Michigan attorney general Dana Nessel confirmed that “a data security incident that may have impacted data belonging to current employees, former employees and various clients” had been reported by Morley.
Morley said that “leading independent cybersecurity experts” hired by the company to investigate the attack had determined that “additional data may have been obtained from its digital environment.”
In a data security incident notice, Morley stated that the incident may have involved both personal identifiable information (PII) and protected health information (PHI). Data that may have been compromised included names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information and health insurance information.
Nessel warned all the potentially impacted individuals to treat any emails, phone calls and text messages asking for bank information as suspicious.
“Watch out for fraudulent emails, phone calls, and text messages seeking personal or banking information in connection to the Morley breach,” said Nessel in a statement issued February 11.
She added: “If you receive other correspondence that asks you do to something like call a number to confirm your personal information, assume it’s a scam.”
Morley said it began notifying potentially impacted individuals of the incident at the start of February and that it has “made alterations to its cyber environment to help prevent similar incidents from occurring in the future.”
The company said its investigation into the cyber-attack had found no evidence indicating the misuse of any information potentially involved in the data breach.
Morley has provided access to complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers may have been involved in the incident.
The company said: “The privacy and protection of personal and protected health information is a top priority for Morley, which deeply regrets any inconvenience or concern this incident may cause.”