McKim & Creed Data Breach Affects 7,079 Individuals, Exposing These Info Types

On February 11, 2024, McKim & Creed, Inc., a civil engineering firm, discovered suspicious activity on certain computer systems, leading to the disruption of some business functions. The company promptly responded by launching an investigation with the help of outside cybersecurity specialists to determine the nature and scope of the incident and to restore the affected systems to full, secure operability. The investigation revealed that an unauthorized actor had accessed McKim & Creed’s systems and potentially viewed or acquired business data containing employee information between December 15, 2023, and February 11, 2024.

The review of the potentially impacted data was completed on May 3, 2024, and it was determined that sensitive personal information was included in the compromised data set. The exposed information includes:

• Name
• Address
• Social Security Number
• Driver’s License number
• Medical Information
• Date of Birth

Overall, 7,079 individuals in the United States were affected by this breach, with 633 individuals in Texas and 4 individuals in Maine. The company began notifying affected consumers on June 6, 2024, via written notice through U.S. Mail.

McKim & Creed's Response

Upon discovering the breach, McKim & Creed took immediate steps to investigate and respond to the incident. They assessed the security of their systems and identified potentially affected individuals. The company notified federal law enforcement about the event and is working to implement additional safeguards to prevent future incidents.

To support those affected, McKim & Creed is offering 12 months of complimentary credit monitoring services through Experian. This includes access to Experian IdentityWorks, which provides features such as daily credit reports, credit monitoring, identity restoration, and $1 million in identity theft insurance coverage.

Steps to Take if You Are Affected by the Data Breach

If you have been notified that your information was compromised in this data breach, it is essential to take the following steps to protect yourself:

1. Enroll in Credit Monitoring Services: Take advantage of the complimentary 12-month Experian IdentityWorks membership offered by McKim & Creed. Follow the enrollment instructions provided in the notification letter.
2. Monitor Your Accounts: Regularly check your bank and credit card statements for any suspicious activity. Report any unauthorized transactions to your financial institution immediately.
3. Place a Fraud Alert or Credit Freeze: Consider placing a fraud alert or credit freeze on your credit file with the three major credit reporting bureaus (Equifax, Experian, and TransUnion) to prevent new accounts from being opened in your name without your consent.
4. Review Your Credit Reports: Obtain a free copy of your credit report from each of the three major credit reporting bureaus through AnnualCreditReport.com and review them for any inaccuracies or unfamiliar accounts.
5. Report Identity Theft: If you suspect that your information has been misused, file a report with the Federal Trade Commission and your local law enforcement agency.

For more information about the data breach, you can view the disclosure on the Maine Attorney General's website, the disclosure on the Texas Attorney General's website, and the disclosure on the Massachusetts Attorney General's website.