facebook twitter instagram linkedin google youtube vimeo tumblr yelp rss email podcast phone blog search brokercheck brokercheck Play Pause

DOJ Letter to Breached Clients

Client Update

Department of Justice Data Breach Mailing

April 16, 2024

            Recently a few clients have received a letter from the United States Department of Justice (DOJ) regarding a data security incident that occurred last May. In an effort to keep our clients and their loved ones informed, Menninger & Associates (M&A) has prepared this client update to notify clients of what occurred, who might be affected, and best steps moving forward. This data breach seems to be impacting people that are currently on Medicare, however we cannot confirm that at this time. Please feel free to pass this along to anyone that you believe may have been impacted.

What happened

            The DOJ uses a contractor, Greylock, McKinnon, and Associates (GMA) to provide litigation support services in civil litigation matters. The DOJ obtained your sensitive information such as Name, Social Security Number, Date of Birth, etc. and provided it to GMA in support of a civil investigation. On May 30, 2023, GMA discovered that they were the target of a ransomware attack by hackers. During the attack, hackers were able to gain access to some of the sensitive information that GMA was using in its civil investigation. GMA has since deleted all DOJ files from its systems, however over 340,000 people are estimated to be affected by this attack.

Next Steps: 

            In an effort to notify the victims of the attack, the DOJ sent out mailings to their home address. Mailings are just now starting to be received, so keep an eye out in your mail in the coming weeks. In this mailing, there is a complimentary 12 months of credit monitoring from Sontiq that will be provided at no cost. Sontiq is a company that is a part of Transunion, one of the 3 credit reporting agencies in the United States, that provides identity protection and cybersecurity solutions. Here at M&A, we recommend the following actions:

  • Enroll in Sontiq for the 12-month free credit monitoring. Please note that this is only free for those who received a letter from the DOJ regarding this cyberattack. If you wish to purchase this service without receiving a letter from the DOJ, it will cost you $29.95/month.
  • Request a free credit report from each of the credit reporting agencies to determine if there is any fraudulent activity that has occurred. The three credit reporting agencies are Transunion, Equifax, and Experian. Call 1-877-322-8228 or go online at www.annualcreditreport.com to request your free credit report.
  • When contacting the credit reporting agencies, consider placing a credit freeze or fraud alert on your credit report. A credit freeze lets you restrict access to your credit report, which makes it difficult for identity thieves to open new accounts in your name. A fraud alert advises creditors to contact you before opening any new accounts. Both the credit freeze and fraud alert are free to set up.
  • If you see suspicious activity on your credit report, please contact local law enforcement and file a police report. When you do, be sure to obtain a copy of the police report as many creditors will require this to absolve you of any fraudulent debts.

Prevent Identity Theft:


  1. Create an online Social Security account
    • Even if you are not collecting, create an account so that people looking to fraudulently use your identity cannot.
  2. Freeze your four credit reports
    • This restricts access to credit reports and should prevent new accounts from being opened in your name.
  3. Protect your information
    • Shred sensitive documents, sign up for e-delivery of financial statements, and don’t give your Social Security number out to people who contact you in an unsolicited fashion.

Watch Out for Tricks:

  1. Account takeovers
    • Do not click on links or attachments in emails that you were not expecting or seem suspicious.
  2. Wire transfer fraud
    • It is important to verify wire transfers by phone or in person before sending money. Be wary of any last-minute wire instruction changes.
  3. Ransomware
    • Beware of pop-ups and attachments in emails that could lock your computer or files.

Protect Your Computer:

  1. Beware of pop-ups
    • Don’t click to exit out of pop-ups that seem suspicious. Instead hold down three keys: CTRL + ALT + DELETE (Windows) or CMD + Option + Escape (Mac) to remove them.
  2. Update and back up
    • Make sure your operating system software and antivirus software is updated, and back up your files on a regular basis.
  3. Use passphrases instead of passwords
    • These protect us better against brute force attacks and credential stuffing, which are popular methods of used by cybercriminals.

If you have any further questions or concerns, please contact M&A at 610-422-3773 or the DOJ at 1-844-979-6702.

(610) 422-3773