Morley Companies, an organization that provides business services to dozens of Fortune 500 companies, said this week it was hit with a ransomware attack last year that led to the leak of sensitive information for more than 500,000 people.
In a press release, the company said the ransomware attack began on August 1 and made their data “unavailable.” Despite requests for comment, the company would not explain why it waited until now to notify the 521,046 people affected, some of whom had their Social Security numbers leaked in the attack.
The company said the attack affected the information of “current employees, former employees and various clients.” The information leaked includes names, addresses, Social Security numbers, dates of birth, client identification numbers, medical diagnostic and treatment information, and health insurance information.
Morley said it hired cybersecurity experts to respond to the situation but needed six months to collect the “contact information needed to provide notice to potentially affected individuals.”
Morley does not say it was a ransomware attack in the public notice, but in the letters sent to victims, they provide more information. In filings with the Maine’s Office of the Attorney General, the company explains that 521,046 people were affected.
“That investigation revealed that a ransomware-type malware had prevented access to some data files on our system beginning August 1, 2021 and there was unauthorized access to some files that contained personal information. We then worked diligently to prevent further access and identify impacted individuals. Special