GRCP
Company Details
Linkedin ID:
gilmore-rees-&-carlson-p.c.
Website:
Employees number:
36
Number of followers:
216
NAICS:
5411
Industry Type:
Homepage:
grcpc.com
IP Addresses:
0
Company ID:
GIL_2228635
Scan Status:
In-progress
Gilmore, Rees & Carlson, P.C. Company CyberSecurity Posture
grcpc.com
For over 20 years, the lawyers of Gilmore, Rees and Carlson, P.C., have worked with individuals, families and business owners to effectively resolve the issues they face today and to plan for the future. With one of the largest trust and estate departments in New England, and accompanying real estate and litigation capabilities, the firm delivers expertise one would normally find only in a large downtown firm in the convenience of the suburbs. Learn how the counselors of Gilmore, Rees and Carlson, P.C., can address your legal needs and bring you peace of mind.
Gilmore, Rees & Carlson, P.C. A.I CyberSecurity Scoring
GRCP Risk Score (AI oriented)Between 700 and 749
GRCP
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
GRCP Global Score (TPRM)XXXX
GRCP
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
GRCP Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Gilmore Rees & Carlson, PC
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: On **March 17, 2021**, Gilmore Rees & Carlson, PC experienced a **data breach** reported by the Maine Office of the Attorney General on **July 15, 2021**. The incident involved **unauthorized access** to the law firm’s systems, compromising sensitive personal and financial information of **1,320 individuals**, including **10 Maine residents**. The exposed data included **names, dates of birth, driver’s license numbers, Social Security numbers, and financial account details**—highly sensitive information that could facilitate identity theft, financial fraud, or further targeted cyberattacks. The breach highlights significant vulnerabilities in the firm’s cybersecurity defenses, particularly concerning the protection of **personally identifiable information (PII)** and financial records. Given the nature of the compromised data, affected individuals face heightened risks of **fraud, phishing, and long-term reputational harm**. The incident underscores the critical need for robust access controls, encryption, and proactive monitoring to prevent similar breaches in legal and financial sectors, where client confidentiality is paramount. While the breach did not explicitly mention ransomware or a broader systemic attack, the **scale and sensitivity of the leaked data** suggest severe operational and legal repercussions for the firm, including potential regulatory penalties and loss of client trust.
GRCP Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for GRCP
Incidents vs Legal Services Industry Average (This Year)
No incidents recorded for Gilmore, Rees & Carlson, P.C. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for Gilmore, Rees & Carlson, P.C. in 2025.
Incident Types GRCP vs Legal Services Industry Avg (This Year)
No incidents recorded for Gilmore, Rees & Carlson, P.C. in 2025.
Incident History — GRCP (X = Date, Y = Severity)
GRCP cyber incidents detection timeline including parent company and subsidiaries
GRCP Company Subsidiaries
For over 20 years, the lawyers of Gilmore, Rees and Carlson, P.C., have worked with individuals, families and business owners to effectively resolve the issues they face today and to plan for the future. With one of the largest trust and estate departments in New England, and accompanying real estate and litigation capabilities, the firm delivers expertise one would normally find only in a large downtown firm in the convenience of the suburbs. Learn how the counselors of Gilmore, Rees and Carlson, P.C., can address your legal needs and bring you peace of mind.
Loading...
GRCP Similar Companies
Myers Wolin, LLC
MYERS WOLIN is a full service Intellectual Property firm providing high-quality legal services to clients from a diverse range of industries and technologies, both public and private, from startups in emerging markets to established businesses that include computers, electronics, wireless communicat
Susan Luger Associates, Inc.
Susan Luger Associates operates in the Greater New York City area, including Long Island, the 5 Boroughs, Westchester and Rockland Counties, and New Jersey. SLA is a proud member of the special education professional and academic community, sponsoring and partaking in workshops, seminars and lect
Legal Chimp
Legalchimp.com is designed to assist individuals, families and small businesses by facilitating ease in handling minor as well as larger legal hurdles. For individuals and families, we provide professional legal forms that range from basic forms to more complex documents, conveniently and inexpensiv
Share Data Limited
Share Data Limited is a leading provider of Medallion Guarantee Stamp services, specializing in the processing of U.S. and Canadian securities. We now offer the 2M Medallion Signature Guarantee Stamp, enabling the seamless transfer and sale of shares. Our expertise extends to resealing grants of pro
Apex Document Solutions
ADS specialise in reprographics (print, copy and scan) for the legal and financial sectors, based in the City of London we are just minutes from the Royal Courts of Justice, the Stock Exchange and Lloyd’s of London. This enables us to support our clients across the legal and financial sectors offeri
GarloWard, P.C.
Garlo Ward is a law firm for health care providers, businesses and employers. Our clients include long term care, retirement, home health care and assisted living providers, ICF-MRs, physicians and other health care providers. We also represent other small businesses with their issues such as contra
.png)
GRCP CyberSecurity News
November 12, 2025 08:00 AM
Attorney Personally Liable for Client’s Company’s $2M Tax Liability
Court rules lawyer personally responsible for unpaid taxes after directing fund transfers away from IRS while serving as sole director of...
October 28, 2025 03:04 PM
Tax Law Update: November 2025
Inflation adjustments for 2026—Revenue Procedure 2025-32 (released Oct. 9, 2025) sets forth inflation adjustments for 2026: • Total contributions to all...
October 15, 2025 02:53 PM
IRS Issues Inflation Adjustments for 2026
Total contributions to traditional individual retirement accounts and Roth IRAs will be capped at $7,500 ($8,600 for individuals age 50 or older). or the...
September 26, 2025 07:00 AM
Freight train derails after collision with truck at Riverina level crossing
An early morning collision at a Bribbaree crossing between a train and truck leads to derailment. Emergency services manage diesel spill and...
September 17, 2025 07:00 AM
Second Circuit Negates SALT Workaround
U.S. Court of Appeals upholds state and local tax deduction cap for charitable contributions.
August 20, 2025 07:00 AM
Estate Tax Portability: Incomplete Return Invalidates Election
Tax Court rules incomplete estate tax return for portability election invalid, highlighting importance of proper reporting for marital and...
July 02, 2025 07:00 AM
Distributions of Stock in a GRAT Don’t Trigger Insider Trader Rules
A district court held on summary judgment that an insider didn't have to disgorge his profits from the sale of stock received from a grantor retained annuity...
June 18, 2025 07:00 AM
Estate Granted Extension for Alternate Valuation Date Election
The estate tax return was filed without making an election to use the “alternate valuation date” under IRC Section 2032(a) or for the protective election under...
April 15, 2025 07:00 AM
Tax Law Update: May 2025
The Tax Court held for the taxpayer that an intrafamily interest-only loan at the applicable federal rate (AFR) wasn't a gift.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
GRCP CyberSecurity History Information
Official Website of Gilmore, Rees & Carlson, P.C.
The official website of Gilmore, Rees & Carlson, P.C. is http://www.grcpc.com.
Gilmore, Rees & Carlson, P.C.’s AI-Generated Cybersecurity Score
According to Rankiteo, Gilmore, Rees & Carlson, P.C.’s AI-generated cybersecurity score is 729, reflecting their Moderate security posture.
How many security badges does Gilmore, Rees & Carlson, P.C.’ have ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Gilmore, Rees & Carlson, P.C. have SOC 2 Type 1 certification ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. is not certified under SOC 2 Type 1.
Does Gilmore, Rees & Carlson, P.C. have SOC 2 Type 2 certification ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. does not hold a SOC 2 Type 2 certification.
Does Gilmore, Rees & Carlson, P.C. comply with GDPR ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. is not listed as GDPR compliant.
Does Gilmore, Rees & Carlson, P.C. have PCI DSS certification ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. does not currently maintain PCI DSS compliance.
Does Gilmore, Rees & Carlson, P.C. comply with HIPAA ?
According to Rankiteo, Gilmore, Rees & Carlson, P.C. is not compliant with HIPAA regulations.
Does Gilmore, Rees & Carlson, P.C. have ISO 27001 certification ?
According to Rankiteo,Gilmore, Rees & Carlson, P.C. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Gilmore, Rees & Carlson, P.C.
Gilmore, Rees & Carlson, P.C. operates primarily in the Legal Services industry.
Number of Employees at Gilmore, Rees & Carlson, P.C.
Gilmore, Rees & Carlson, P.C. employs approximately 36 people worldwide.
Subsidiaries Owned by Gilmore, Rees & Carlson, P.C.
Gilmore, Rees & Carlson, P.C. presently has no subsidiaries across any sectors.
Gilmore, Rees & Carlson, P.C.’s LinkedIn Followers
Gilmore, Rees & Carlson, P.C.’s official LinkedIn profile has approximately 216 followers.
NAICS Classification of Gilmore, Rees & Carlson, P.C.
Gilmore, Rees & Carlson, P.C. is classified under the NAICS code 5411, which corresponds to Legal Services.
Gilmore, Rees & Carlson, P.C.’s Presence on Crunchbase
No, Gilmore, Rees & Carlson, P.C. does not have a profile on Crunchbase.
Gilmore, Rees & Carlson, P.C.’s Presence on LinkedIn
Yes, Gilmore, Rees & Carlson, P.C. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/gilmore-rees-&-carlson-p.c..
Cybersecurity Incidents Involving Gilmore, Rees & Carlson, P.C.
As of November 30, 2025, Rankiteo reports that Gilmore, Rees & Carlson, P.C. has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Gilmore, Rees & Carlson, P.C. has an estimated 7,389 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Gilmore, Rees & Carlson, P.C. ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does Gilmore, Rees & Carlson, P.C. detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an communication strategy with public disclosure via maine office of the attorney general..
Incident Details
Can you provide details on each incident ?
Title: Data Breach at Gilmore Rees & Carlson, PC
Description: The Maine Office of the Attorney General reported a data breach involving Gilmore Rees & Carlson, PC. The breach involved unauthorized access to systems, affecting 10 Maine residents and a total of 1,320 individuals. The potentially compromised information included names, dates of birth, driver’s license numbers, Social Security numbers, and financial account information.
Date Publicly Disclosed: 2021-07-15
Type: Data Breach
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach GIL1016082125
Data Compromised: Names, Dates of birth, Driver’s license numbers, Social security numbers, Financial account information
Identity Theft Risk: High (PII and financial data exposed)
Payment Information Risk: High (financial account information exposed)
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Financial Data and .
Which entities were affected by each incident ?
Incident : Data Breach GIL1016082125
Entity Name: Gilmore Rees & Carlson, PC
Entity Type: Law Firm
Industry: Legal Services
Customers Affected: 1320
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach GIL1016082125
Communication Strategy: Public disclosure via Maine Office of the Attorney General
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach GIL1016082125
Type of Data Compromised: Personally identifiable information (pii), Financial data
Number of Records Exposed: 1320
Sensitivity of Data: High
Data Exfiltration: Likely (unauthorized access to systems)
Personally Identifiable Information: namesdates of birthdriver’s license numbersSocial Security numbers
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach GIL1016082125
Regulatory Notifications: Maine Office of the Attorney General
References
Where can I find more information about each incident ?
Incident : Data Breach GIL1016082125
Source: Maine Office of the Attorney General
Date Accessed: 2021-07-15
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Maine Office of the Attorney GeneralDate Accessed: 2021-07-15.
Investigation Status
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public disclosure via Maine Office of the Attorney General.
Additional Questions
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2021-07-15.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were names, dates of birth, driver’s license numbers, Social Security numbers, financial account information and .
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were dates of birth, driver’s license numbers, names, financial account information and Social Security numbers.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 132.0.
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is Maine Office of the Attorney General.
.png)
Latest Global CVEs (Not Company-Specific)
Description
A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.
Risk Information
cvss2
Base: 1.2
Severity: HIGH
AV:L/AC:H/Au:N/C:P/I:N/A:N
cvss3
Base: 2.0
Severity: HIGH
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss4
Base: 1.0
Severity: HIGH
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 5.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=gilmore-rees-&-carlson-p.c.' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
