M&Y Reports Data Breach Affecting Sensitive Personal and Health Information
M&Y recently disclosed a data breach to the California Attorney General, revealing that unauthorized access to a server may have compromised sensitive personal identifiable information (PII) and protected health information (PHI). The incident was detected on November 25, 2025, when suspicious activity was identified within a server used for historical record-keeping.
An investigation confirmed that an unauthorized third party accessed and potentially acquired data, prompting M&Y to review the impacted records. The exposed information varies by individual but includes names, Social Security numbers, financial account details, driver’s license or ID numbers, dates of birth, health insurance data, and medical records.
On February 27, 2026, M&Y began notifying affected individuals via mail, providing details on the specific data exposed and offering complimentary credit monitoring services. The breach notice filed with California authorities outlines the scope of the incident and the steps taken in response.
Source: https://straussborrelli.com/2026/03/03/my-personal-injury-lawyers-data-breach-investigation/
M&Y Personal Injury Lawyers cybersecurity rating report: https://www.rankiteo.com/company/movaghar-&-yamin-plc
"id": "MOV1772555159",
"linkid": "movaghar-&-yamin-plc",
"type": "Breach",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Affected individuals',
'name': 'M&Y',
'type': 'Company'}],
'customer_advisories': 'Notified affected individuals via mail with details '
'on exposed data and offered complimentary credit '
'monitoring services',
'data_breach': {'data_exfiltration': 'Potentially acquired by unauthorized '
'third party',
'personally_identifiable_information': ['Names',
'Social Security '
'numbers',
'Financial account '
'details',
'Driver’s license or '
'ID numbers',
'Dates of birth',
'Health insurance '
'data',
'Medical records'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-11-25',
'date_publicly_disclosed': '2026-02-27',
'description': 'M&Y recently disclosed a data breach to the California '
'Attorney General, revealing that unauthorized access to a '
'server may have compromised sensitive personal identifiable '
'information (PII) and protected health information (PHI). The '
'incident was detected on November 25, 2025, when suspicious '
'activity was identified within a server used for historical '
'record-keeping. An investigation confirmed that an '
'unauthorized third party accessed and potentially acquired '
'data, prompting M&Y to review the impacted records. The '
'exposed information varies by individual but includes names, '
'Social Security numbers, financial account details, driver’s '
'license or ID numbers, dates of birth, health insurance data, '
'and medical records. On February 27, 2026, M&Y began '
'notifying affected individuals via mail, providing details on '
'the specific data exposed and offering complimentary credit '
'monitoring services.',
'impact': {'data_compromised': 'Sensitive personal identifiable information '
'(PII) and protected health information (PHI)',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Server used for historical record-keeping'},
'investigation_status': 'Completed',
'references': [{'source': 'California Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Filed breach notice '
'with California '
'Attorney General'},
'response': {'communication_strategy': 'Notified affected individuals via '
'mail, provided details on exposed '
'data, and offered complimentary '
'credit monitoring services'},
'threat_actor': 'Unauthorized third party',
'title': 'M&Y Reports Data Breach Affecting Sensitive Personal and Health '
'Information',
'type': 'Data Breach'}