in Newswire Published on April 26, 2024

Greylock McKinnon Associates Hit with Class Action Over Data Breach Affecting 341K People

by Kelsey McCroskey

View Comments

Gregel v. Greylock McKinnon Associates, Inc.

Filed: April 11, 2024 § 1:24-cv-10946

Read Complaint

A class action alleges that lax cybersecurity practices on the part of GMA resulted in a data breach discovered by the consulting firm in May 2023.

Defendant(s)

Greylock McKinnon Associates, Inc.

Law(s)

State(s)

Massachusetts

Categories

Privacy Data Breach

A proposed class action alleges that lax cybersecurity practices on the part of Greylock McKinnon Associates (GMA) resulted in a data breach discovered by the consulting firm in May 2023.

Want to stay in the loop on class actions that matter to you? Sign up for ClassAction.org’s free weekly newsletter here.

The 40-page Greylock McKinnon Associates data breach lawsuit says the personal information of more than 341,000 individuals was compromised in the cyberattack that targeted the firm, which provides economic analysis and litigation support for business and government clients, such as the U.S. Department of Justice (DOJ).

According to the data breach suit, the exposed information may have included clients’ names, Social Security or individual taxpayer identification numbers, dates of birth, addresses, telephone numbers, driver's license or state ID numbers, Medicare beneficiary identifiers, medical information and health insurance details.

The case contends that by obtaining and using consumers’ private data, the firm was legally obligated to protect the information from falling into the hands of unauthorized third parties.

However, despite its duty, the defendant failed to implement adequate data security protocols and stored the sensitive information unencrypted and unredacted in its computer systems, the complaint alleges. As the filing tells it, GMA could have prevented the data breach entirely had it properly encrypted its servers and the personal information stored therein.

The plaintiff, an Ohio resident whose personal data was provided to the firm by the DOJ in connection with a civil litigation matter, says she received notice in early April 2024 informing her that her private information had been exposed in the breach. Like other data breach victims, the woman now faces a heightened and ongoing risk of being targeted for cybercrimes, such as identity theft and fraud, the case asserts.

The lawsuit looks to represent anyone in the United States whose private information was compromised in the Greylock McKinnon Associates data breach.

Get class action lawsuit news sent to your inbox – sign up for ClassAction.org’s free weekly newsletter here.

Case Spotlight

Video Game Addiction Lawsuits

If your child suffers from video game addiction — including Fortnite addiction or Roblox addiction — you may be able to take legal action. Gamers 18 to 22 may also qualify.

Learn more:Video Game Addiction Lawsuit

Depo-Provera Lawsuits

Anyone who received Depo-Provera or Depo-Provera SubQ injections and has been diagnosed with meningioma, a type of brain tumor, may be able to take legal action.

Read more: Depo-Provera Lawsuit

How Do I Join a Class Action Lawsuit?

Did you know there's usually nothing you need to do to join, sign up for, or add your name to new class action lawsuits when they're initially filed?

Read more here: How Do I Join a Class Action Lawsuit?

ClassAction.org Newsletter

Stay Current

Sign Up For
Our Newsletter

New cases and investigations, settlement deadlines, and news straight to your inbox.

This browser does not support PDFs. Please download the PDF to view it: Download PDF.
Open Document
Last Updated on April 26, 2024 — 9:24 AM

Kelsey McCroskey

kelsey@classaction.org

Kelsey works primarily on ClassAction.org’s newswire, reporting on cases as they happen.

About ClassAction.org

ClassAction.org is a group of online professionals (designers, developers and writers) with years of experience in the legal industry.

Learn More

Before commenting, please review our comment policy.