The California Office of the Attorney General disclosed that McKinney & Company suffered a data breach on April 1, 2020, compromising the personal information of undetermined clients. The exposed data included highly sensitive details such as full names, Social Security numbers, and bank account information. The breach was formally reported on June 12, 2020, nearly two and a half months after the incident occurred. The delay in disclosure raises concerns about the company’s incident response protocols and the potential misuse of the stolen data during the interim period. The nature of the leaked information particularly Social Security numbers and financial records poses severe risks, including identity theft, financial fraud, and long-term reputational damage for affected clients. Given the sensitivity of the compromised data, the breach likely falls under regulatory scrutiny, potentially triggering legal obligations for notification, remediation, and compliance penalties. The incident underscores vulnerabilities in McKinney & Company’s cybersecurity defenses, particularly in safeguarding personally identifiable information (PII) from unauthorized access or exfiltration.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190825
TPRM report: https://www.rankiteo.com/company/mckinney-and-company-cpa
"id": "mck1007091725",
"linkid": "mckinney-and-company-cpa",
"type": "Breach",
"date": "4/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Undetermined',
'name': 'McKinney & Company',
'type': 'Organization'}],
'data_breach': {'number_of_records_exposed': 'Undetermined',
'personally_identifiable_information': ['full names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Data']},
'date_detected': '2020-04-01',
'date_publicly_disclosed': '2020-06-12',
'description': 'The California Office of the Attorney General reported that '
'McKinney & Company experienced a data breach on April 1, '
"2020, affecting potentially undetermined clients' personal "
'information such as full names, Social Security numbers, and '
'bank account details.',
'impact': {'data_compromised': ['full names',
'Social Security numbers',
'bank account details'],
'identity_theft_risk': 'High (PII exposed)',
'payment_information_risk': 'High (bank account details exposed)'},
'references': [{'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'title': 'McKinney & Company Data Breach (2020)',
'type': 'Data Breach'}