DM&C suffered a data breach where an unauthorized third party gained access to its internal systems between May 19 and May 22, 2025, potentially compromising sensitive personal and health information. The exposed data includes names, Social Security numbers, addresses, dates of birth, medical treatment/history, and health insurance details. While the exact number of affected individuals remains undisclosed, DM&C initiated an investigation, confirmed the breach, and began notifying impacted parties via mail on November 24, 2025, alongside offering complimentary credit monitoring services. The breach notice was also published on the company’s website, highlighting the severity of the incident, which involved highly sensitive personally identifiable information (PII) and protected health information (PHI).
Source: https://straussborrelli.com/2025/11/25/davies-mcfarland-carroll-data-breach-investigation/
DAYO Media & Communications cybersecurity rating report: https://www.rankiteo.com/company/dayo-media-&-communications
"id": "DAY1411014112625",
"linkid": "dayo-media-&-communications",
"type": "Breach",
"date": "5/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown (notification letters '
'mailed to impacted individuals)',
'name': 'DM&C',
'type': 'Organization'}],
'customer_advisories': ['Breach notice posted on website',
'Notification letters mailed to impacted individuals '
'with details of exposed data and credit monitoring '
'services'],
'data_breach': {'data_exfiltration': 'Potential (unauthorized access and '
'acquisition confirmed)',
'personally_identifiable_information': ['Name',
'Social Security '
'number',
'Address',
'Date of birth',
'Medical '
'treatment/history',
'Health insurance '
'information'],
'sensitivity_of_data': 'High (includes SSNs, medical history, '
'and health insurance information)',
'type_of_data_compromised': ['PII', 'PHI']},
'date_detected': '2025-05-22',
'date_publicly_disclosed': '2025-11-24',
'description': 'DM&C announced a data breach where unauthorized access to '
'internal records occurred between May 19 and May 22, 2025. '
'Sensitive personal identifiable information (PII) and '
'protected health information (PHI) were potentially '
'compromised, including names, Social Security numbers, '
'addresses, dates of birth, medical treatment/history, and '
'health insurance information. DM&C launched an investigation, '
'posted a breach notice on its website, and began mailing '
'notification letters to affected individuals on November 24, '
'2025. Complimentary credit monitoring services were offered '
'to impacted individuals.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII/PHI',
'data_compromised': ['Name',
'Social Security number',
'Address',
'Date of birth',
'Medical treatment/history',
'Health insurance information'],
'identity_theft_risk': 'High (due to exposure of SSNs and PHI)',
'systems_affected': ['Internal records']},
'initial_access_broker': {'high_value_targets': ['PII', 'PHI']},
'investigation_status': 'Ongoing (as of November 24, 2025, review of impacted '
'data and individuals in progress)',
'references': [{'source': 'DM&C Breach Notice (Website)'}],
'response': {'communication_strategy': ['Breach notice posted on website',
'Notification letters mailed to '
'impacted individuals (November 24, '
'2025)'],
'incident_response_plan_activated': 'Yes (investigation '
'launched)',
'recovery_measures': ['Credit monitoring services offered to '
'affected individuals']},
'threat_actor': 'Unauthorized third party',
'title': 'DM&C Data Breach Involving Sensitive Personal and Health '
'Information',
'type': ['Data Breach', 'Unauthorized Access']}