Gensler

Gensler, also known as M. Arthur Gensler, Jr. & Associates, Inc. and Gensler Architects & Associates, is an organization headquartered in the United States of America. In May 2023, the firm experienced a significant cybersecurity incident that stemmed from a widespread vulnerability in the MOVEit secure file transfer software, a third-party tool it utilized. This breach permitted unauthorized actors to access and exfiltrate sensitive personal information from Gensler's systems. The compromised data specifically included individuals' full names along with their Social Security Numbers, representing a high-risk data theft incident for thousands of affected persons. The discovery of this intrusion prompted Gensler to initiate a response to mitigate potential harm for those whose information was stolen.

Following the identification of the breach, Gensler implemented a remediation plan focused on supporting impacted individuals. The organization committed to providing two years of complimentary identity theft protection services to all affected parties. These services, furnished through Experian IdentityWorks, encompass ongoing credit monitoring to detect suspicious activity and access to fraud consultation for guidance on resolving identity-related issues. This response was a direct consequence of the data acquired during the third-party software compromise, which exposed highly sensitive personal identifiers. The incident underscores the systemic risks associated with reliance on external software vendors and the critical importance of robust data security protocols for protecting client and employee information. Gensler's handling of the aftermath involved notifying affected individuals and offering a specific, tangible mitigation service to address the severe risks posed by the stolen Social Security Numbers.