Full Report
On January 11, 2026, we were alerted to suspicious activity potentially impacting our network. In response, we launched an investigation and engaged third-party experts to assist. We also took measures to contain and remediate the incident, including quarantining assets, disabling affected accounts, blocking access to our network, and resetting passwords for affected accounts. Based on our in-depth investigation to date, supported by our external experts, it appears that an unknown third party gained unauthorized access to a limited set of electronically stored personal information between January 3, 2026 and January 7, 2026. As a result of our detailed analysis of the impacted information, we recently determined, on May 12, 2026, that certain of your personal information was included in the electronic data accessed during the incident. However, our investigation has revealed no evidence to suggest that your data has been fraudulently used.
Analysis Summary
# Incident Report: Unauthorized Access to Global Consulting Services & Software Development Systems
## Executive Summary
Between January 3 and January 7, 2026, an unknown third party gained unauthorized access to a limited set of electronically stored personal information at Global Consulting Services & Software Development. The breach was detected on January 11, 2026, leading to a forensic investigation that confirmed the compromise of PII for 1,320 individuals. While the breach was contained in January, the full scope of impacted individuals was not finalized until May 12, 2026.
## Incident Details
- **Discovery Date:** January 11, 2026
- **Incident Date:** January 3, 2026 – January 7, 2026
- **Affected Organization:** Global Consulting Services & Software Development
- **Sector:** Other Commercial (IT Consulting/Software Development)
- **Geography:** Irvine, California, USA
## Timeline of Events
### Initial Access
- **Date/Time:** January 3, 2026
- **Vector:** External system breach (Hacking)
- **Details:** An unknown threat actor bypassed security controls to access electronic data storage.
### Lateral Movement
- **Details:** Not explicitly disclosed; however, the attacker maintained access for four days, suggesting movement within the specific environment housing personal information.
### Data Exfiltration/Impact
- **Date:** January 3 – January 7, 2026
- **Details:** Unauthorized access to a limited set of electronically stored personal information (PII).
### Detection & Response
- **January 11, 2026:** The organization was alerted to suspicious activity and launched an internal investigation.
- **January 11 – Ongoing:** Third-party forensic experts engaged; assets quarantined; passwords reset.
- **May 12, 2026:** Detailed analysis finalized the list of 1,320 affected individuals.
- **May 18, 2026:** Formal written notifications sent to affected consumers.
## Attack Methodology
- **Initial Access:** External hacking (the specific entry point, such as VPN, phishing, or an exploit, was not disclosed).
- **Persistence:** Unauthorized presence maintained for 4 days.
- **Collection:** Gathering of electronically stored personal identifiers.
- **Impact:** Unauthorized data access and potential exfiltration of PII.
## Impact Assessment
- **Financial:** Costs associated with third-party forensics, legal counsel (Sheppard Mullin), and 24 months of identity monitoring for 1,320 people.
- **Data Breach:** Compromise of names and other personal identifiers for 1,320 individuals (including 3 Maine residents).
- **Operational:** Required quarantining of assets and password resets for affected accounts.
- **Reputational:** Mandatory disclosure to the Maine Attorney General and public breach notification.
## Indicators of Compromise
- **Network indicators:** [Not disclosed in the public notice]
- **File indicators:** [Not disclosed in the public notice]
- **Behavioral indicators:** "Suspicious activity potentially impacting our network," to which the organization was alerted on January 11, 2026. The notice does not say how the alert originated.
## Response Actions
- **Containment:** Quarantining affected assets and blocking unauthorized access to the network.
- **Eradication:** Disabling affected accounts and performing a mandatory password reset for all impacted users.
- **Recovery:** Engagement of third-party forensic experts to validate the integrity of the environment.
- **Protection:** Provision of 24 months of Kroll Identity Monitoring (Triple Bureau Credit Monitoring and Identity Restoration).
## Lessons Learned
- **Detection Gap:** The unauthorized access lasted 4 days (January 3 to January 7, 2026), and the organization was first alerted on January 11, 2026, 8 days after initial access.
- **Inventory Management:** The four-month delay between discovery (January 11, 2026) and victim identification (May 12, 2026) suggests a need for better data indexing and logging to speed up forensic "blast radius" assessments.
## Recommendations
- **Enhance Monitoring:** Implement more robust Endpoint Detection and Response (EDR) to identify suspicious behavior in real-time.
- **Data Minimization:** Review electronically stored information policies to ensure PII is only retained as long as necessary, reducing the impact of future breaches.
- **Access Control:** Implement Multi-Factor Authentication (MFA) across all external-facing systems to mitigate "hacking" via credential theft.