In a disclosure on its website
, Campbell Conroy & O’Neil said the hackers encrypted and accessed a system that contains sensitive personal information, though it is unclear how much of the actual data was accessed or stolen. However, “certain information relating to individuals” was accessed, the company said.
“We determined that the information present in the system included certain individuals’ names, dates of birth, driver’s license numbers / state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords),” the firm said in its disclosure. “Please note that the information varies by individual and for many individuals, a limited number of data types were determined to be accessible.”
According to its website
, Campbell Conroy & O’Neil serves a large array of Fortune 500 companies, including Ford, Boeing, Exxon Mobil, Quest Diagnostics, Liberty Mutual, Johnson & Johnson, Walgreens, Monsanto, FedEx and Coca-Cola, among others.
The hack was first detected on Feb. 27, sparking an investigation, the firm said in its disclosure.
In recent months, cybercriminals have increasingly targeted organizations that play critical roles across broad swaths of the US economy. A high-profile attack against Colonial Pipeline in May disrupted fuel shipments to gas stations all along the east coast, prompting widespread panic buying. A cyberattack against JBS Foods
led to a temporary shutdown of all nine of its US beef processing plants. And an attack against a key software vendor
hit a wide range of IT management companies and compromised hundreds of their corporate clients.