McKim & Creed Engineering Firm Suffers Cyberattack

June 18, 2024

INCIDENT

Raleigh, North Carolina-based McKim & Creed suffered a cyberattack on its network that disrupted some business aspects.
“On February 11, 2024, McKim & Creed discovered suspicious activity on certain computer systems, resulting in the disruption of certain business functions,” the company said in an advisory last week. “McKim & Creed immediately responded and launched an investigation with outside cybersecurity specialists to confirm the nature and scope of the incident and restore impacted computer systems to full, secure operability.
“Through the investigation, McKim & Creed learned that an unauthorized actor accessed its systems and may have viewed or acquired business data containing certain employee information between December 15, 2023 to February 11, 2024. McKim & Creed conducted a review of the data that was potentially viewed or acquired to determine whether it contained any sensitive information.
“While the review was ongoing, McKim & Creed notified certain impacted individuals of the incident on February 28, 2024. On May 3, 2024, McKim & Creed determined what personal information related to employees and dependents was included in the potentially impacted data set. After determining the scope of information in the potentially impacted files, McKim & Creed undertook efforts to locate address information for the affected individuals, put resources in place to assist, and provide direct notice.”

Incident Date

February 11, 2024

Estimated Cost

Unknown at this time

Type of Malware

No Malware identified

Threat Source

No threat source identified