Cyber Incident Victim: Taylor, Ganson & Perrin
Date: Jan 2022
Location: United States of America
Summary
A Boston-based law firm specializing in legal services for individuals and businesses detected unusual activity affecting certain computer systems, prompting an immediate investigation which confirmed unauthorized access and acquisition of sensitive client data. The compromised information potentially includes personal identifiers such as Social Security numbers, financial account details, medical records, health insurance information, and digital credentials, though the full scope remains under active review. While the incident may involve protected health information, its regulatory status under HIPAA is unconfirmed, and the total number of affected individuals has not been disclosed. The nature of the intrusion, whether ransomware-related or another form of unauthorized access, is still under investigation.
Description
On January 23, 2022, Taylor, Ganson & Perrin LLP detected unusual activity on certain computer systems. The Boston-based law firm promptly disconnected the affected systems from its network and initiated an investigation to determine the incident’s source and scope. By January 27, 2022, the investigation confirmed that an unauthorized actor had accessed and/or acquired data from the firm’s environment, though the specific nature and extent of the compromised information remained under active review. The firm did not publicly identify the threat actor or disclose the intrusion method, leaving it unclear whether the incident involved ransomware or another form of unauthorized access. No evidence suggested data misuse at the time of the announcement, but the investigation remained ongoing as of February 22, 2022.

The potentially accessed data included sensitive client information such as names, Social Security numbers, driver’s license or state ID numbers, passport numbers, military IDs, financial account details, credit card numbers, medical records, health insurance information, online account credentials, digital signatures, and taxpayer identification numbers. The firm acknowledged that medical data might constitute protected health information (PHI), but it had not yet confirmed whether the breach met HIPAA reporting requirements. Impacted individuals were not immediately identifiable due to the incomplete investigation, prompting the firm to issue a blanket notification to all clients and involved parties on February 22, 2022. Taylor, Ganson & Perrin established a dedicated assistance line for inquiries but did not disclose the total number of affected individuals or specific remediation measures beyond recommending vigilance. The public notice emphasized the precautionary nature of the disclosure while the firm continued working to determine the full scope of the incident.
