San Francisco: Morley Companies that provides services to several Fortune 500 companies, has admitted it was hit with a ransomware attack that led to the leak of sensitive information for more than 500,000 people.
The incident began on August 1, 2021, when Morley’s data became unavailable.
Michigan-based Morley thereafter began collecting contact information needed to provide notice to potentially affected 521,046 individuals, which was completed in early 2022, the company said last week.
Some of them had their Social Security numbers leaked in the attack.
Morley said it also provided access to complimentary credit monitoring and identity theft protection services to individuals whose Social Security numbers may have been involved in the incident.
“The following personal and protected health information may have been involved in the incident: name, address, Social Security number, date of birth, client identification number, medical diagnostic and treatment information, and health insurance information,” the company said.
“We are not aware of the misuse of any potentially affected individual’s information,” the company added.
Morley hired cybersecurity experts to respond to the situation but needed six months to collect the “contact information needed to provide notice to potentially affected individuals”.
In filings with the Maine’s Office of the Attorney General, the company explains that 521,046 people were affected.
“That investigation revealed that a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021 and there was unauthorized access to some files that contained personal information,” said the company.