McElroy Associates
Company Details
Linkedin ID:
mcelroy-associates
Website:
Employees number:
53
Number of followers:
1,258
NAICS:
23
Industry Type:
Homepage:
mea.ie
IP Addresses:
0
Company ID:
MCE_9218352
Scan Status:
In-progress
McElroy Associates Company CyberSecurity Posture
mea.ie
McElroy Associates carry out work in the Design, Project Management and Construction Supervision of building projects for international and Irish clients, primarily in the industrial sector across a range of pharmaceutical, healthcare, process and food industry companies. McElroy Associates was founded in 1991 and since then we have focused on developing strong working relationships with our clients which we believe forms our core ability to successfully deliver projects. Our experience covers a wide range of projects in new and existing facilities and we offer a comprehensive range of services in Civil, Structural, Architectural, Mechanical and Electrical Engineering and Project Management
McElroy Associates A.I CyberSecurity Scoring
McElroy Associates Risk Score (AI oriented)Between 650 and 699
McElroy Associates
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
McElroy Associates Global Score (TPRM)XXXX
McElroy Associates
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
McElroy Associates Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
McElroy & Associates and Inc.: McElroy & Associates Data Breach Lawsuit Investigation
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks
Description: McElroy & Associates Suffers Data Breach Exposing PII and PHI of 6,633 Individuals McElroy & Associates, Inc. disclosed a data breach affecting 6,633 individuals in the U.S., exposing personally identifiable information (PII) and protected health information (PHI). The breach was reported to the U.S. Department of Health and Human Services on October 17, 2025, after suspicious activity was detected in an employee’s email account on May 30, 2025. An investigation revealed that an unauthorized actor accessed emails between May 28 and May 30, 2025, compromising sensitive data, including names, Social Security numbers, dates of birth, driver’s license numbers, financial account details, medical records, health insurance information, and login credentials. By September 3, 2025, the company completed its assessment and began mailing notifications to affected individuals, while also publishing a Notice of Data Security Event on its website. In response, McElroy & Associates secured its email systems, conducted a full review of impacted data, and established a dedicated helpline (833-866-9545) for affected individuals. The breach underscores the ongoing risks to sensitive healthcare and financial data in cyber incidents.
McElroy Associates Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for McElroy Associates
Incidents vs Construction Industry Average (This Year)
No incidents recorded for McElroy Associates in 2026.
Incidents vs All-Companies Average (This Year)
No incidents recorded for McElroy Associates in 2026.
Incident Types McElroy Associates vs Construction Industry Avg (This Year)
No incidents recorded for McElroy Associates in 2026.
Incident History — McElroy Associates (X = Date, Y = Severity)
McElroy Associates cyber incidents detection timeline including parent company and subsidiaries
McElroy Associates Company Subsidiaries
McElroy Associates carry out work in the Design, Project Management and Construction Supervision of building projects for international and Irish clients, primarily in the industrial sector across a range of pharmaceutical, healthcare, process and food industry companies. McElroy Associates was founded in 1991 and since then we have focused on developing strong working relationships with our clients which we believe forms our core ability to successfully deliver projects. Our experience covers a wide range of projects in new and existing facilities and we offer a comprehensive range of services in Civil, Structural, Architectural, Mechanical and Electrical Engineering and Project Management
Loading...
McElroy Associates Similar Companies
Our purpose is to sustainably deliver infrastructure which is vital to the UK. As a leading provider of infrastructure services, construction and property developments, we are committed to delivering for communities and leaving lasting legacies through our work. We are committed to attracting, reta
Hilti Group
Hilti stands for innovation and direct customer relationships. About 34,000 employees around the world, in more than 120 countries, contribute to making our customers’ work more productive, safer and more sustainable. We do this with our hardware, software and service offering. With roughly 280,000
Bouygues Construction
Bouygues Construction employs 35,600 people around the world, all driven by the greatest and most exciting responsibility of all – building for life. For our customers in more than 50 countries, we deliver much more than projects. We build to create spaces, connections and opportunities. We impro
ALEC Holdings
ALEC Holdings, part of the Investment Corporate of Dubai (ICD), is a leading construction and related businesses group operating in the UAE and KSA. The company builds and provides construction solutions that set industry benchmarks for quality, safety, functionality, and aesthetics. ALEC Holdings
VINCI Construction
Premier groupe français et acteur mondial de premier plan de la construction, VINCI Construction réunit plus de 830 entreprises et près de 69000 collaborateurs dans une centaine de pays. Ses expertises s’étendent à l’ensemble des métiers du bâtiment, du génie civil, et des activités spécialisées ass
NCC
NCC is one of the leading construction companies in the Nordics. Based on its expertise in managing complex construction processes, NCC contributes to a positive impact of construction for its customers and society. NCC is one of the largest players in the Nordic construction market, and operates
GMR Group is a leading Indian infrastructure conglomerate with a diversified presence across Airports, Energy, Transportation, Urban Infrastructure, and Sports. With over two decades of experience, the Group has built world-class assets and pioneered innovations in sustainable infrastructure develop
Hassan Allam Holding
Hassan Allam Holding is a leading group with a focus on engineering and construction, and investment and development. The Group operates in diverse sectors including infrastructure, energy, water, industrial, logistics, petrochemical, and complex large-scale projects in Egypt and the MENA region. Th
COLAS
Colas, a subsidiary of the Bouygues Group, is a major player in the construction and maintenance of transportation infrastructure and urban development. Colas covers the entire value chain: from industrial production to service offerings, including construction work. Thanks to its local presence
.png)
McElroy Associates CyberSecurity News
December 17, 2025 08:00 AM
Data Breaches Announced by Expert MRI; McElroy & Associates
Data breaches have recently been announced by the California radiology specialists, Expert MRI, and the small business technology...
August 18, 2021 07:00 AM
5 minutes with Rick McElroy - What CISOs should know about returning to the office
Rick McElroy, Principal Cybersecurity Strategist at VMware, discusses what chief information security officers (CISOs) should keep in mind as we get closer to...
March 08, 2021 08:00 AM
McElroy is the recipient of UMSL’s Community College President’s Scholarship
Lewis and Clark Community College transfer student Abby McElroy is pursuing a degree in criminology and criminal justice with the help of...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
McElroy Associates CyberSecurity History Information
Official Website of McElroy Associates
The official website of McElroy Associates is http://www.mea.ie.
McElroy Associates’s AI-Generated Cybersecurity Score
According to Rankiteo, McElroy Associates’s AI-generated cybersecurity score is 683, reflecting their Weak security posture.
How many security badges does McElroy Associates’ have ?
According to Rankiteo, McElroy Associates currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Has McElroy Associates been affected by any supply chain cyber incidents ?
According to Rankiteo, McElroy Associates has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.
Does McElroy Associates have SOC 2 Type 1 certification ?
According to Rankiteo, McElroy Associates is not certified under SOC 2 Type 1.
Does McElroy Associates have SOC 2 Type 2 certification ?
According to Rankiteo, McElroy Associates does not hold a SOC 2 Type 2 certification.
Does McElroy Associates comply with GDPR ?
According to Rankiteo, McElroy Associates is not listed as GDPR compliant.
Does McElroy Associates have PCI DSS certification ?
According to Rankiteo, McElroy Associates does not currently maintain PCI DSS compliance.
Does McElroy Associates comply with HIPAA ?
According to Rankiteo, McElroy Associates is not compliant with HIPAA regulations.
Does McElroy Associates have ISO 27001 certification ?
According to Rankiteo,McElroy Associates is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of McElroy Associates
McElroy Associates operates primarily in the Construction industry.
Number of Employees at McElroy Associates
McElroy Associates employs approximately 53 people worldwide.
Subsidiaries Owned by McElroy Associates
McElroy Associates presently has no subsidiaries across any sectors.
McElroy Associates’s LinkedIn Followers
McElroy Associates’s official LinkedIn profile has approximately 1,258 followers.
NAICS Classification of McElroy Associates
McElroy Associates is classified under the NAICS code 23, which corresponds to Construction.
McElroy Associates’s Presence on Crunchbase
No, McElroy Associates does not have a profile on Crunchbase.
McElroy Associates’s Presence on LinkedIn
Yes, McElroy Associates maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/mcelroy-associates.
Cybersecurity Incidents Involving McElroy Associates
As of January 25, 2026, Rankiteo reports that McElroy Associates has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
McElroy Associates has an estimated 39,315 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at McElroy Associates ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does McElroy Associates detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an containment measures with secured email environment, and remediation measures with comprehensive investigation, review of impacted information, and communication strategy with notified affected individuals by mail, posted notice of data security event on website, dedicated helpline..
Incident Details
Can you provide details on each incident ?
Title: McElroy & Associates Data Breach
Description: McElroy & Associates, Inc. experienced a significant data breach that exposed the personally identifiable information (PII) and protected health information (PHI) of 6,633 individuals in the U.S. The breach was detected when suspicious activity was discovered in an employee’s email account, allowing an unauthorized actor to access sensitive information.
Date Detected: 2025-05-30
Date Publicly Disclosed: 2025-10-17
Type: Data Breach
Attack Vector: Compromised Email Account
Threat Actor: Unauthorized Actor
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Employee email account.
Impact of the Incidents
What was the impact of each incident ?
Incident : Data Breach MCE1765965716
Data Compromised: PII and PHI of 6,633 individuals
Systems Affected: Employee email account
Identity Theft Risk: High
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Personally Identifiable Information (Pii), Protected Health Information (Phi) and .
Which entities were affected by each incident ?
Incident : Data Breach MCE1765965716
Entity Name: McElroy & Associates, Inc.
Entity Type: Company
Location: U.S.
Customers Affected: 6,633 individuals
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Data Breach MCE1765965716
Containment Measures: Secured email environment
Remediation Measures: Comprehensive investigation, review of impacted information
Communication Strategy: Notified affected individuals by mail, posted Notice of Data Security Event on website, dedicated helpline
Data Breach Information
What type of data was compromised in each breach ?
Incident : Data Breach MCE1765965716
Type of Data Compromised: Personally identifiable information (pii), Protected health information (phi)
Number of Records Exposed: 6,633
Sensitivity of Data: High
Personally Identifiable Information: NamesAddressesSocial Security numbersDates of birthDriver’s license numbersFinancial account detailsMedical informationHealth insurance informationUsernames with passwords
What measures does the company take to prevent data exfiltration ?
Prevention of Data Exfiltration: The company takes the following measures to prevent data exfiltration: Comprehensive investigation, review of impacted information.
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by secured email environment.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Data Breach MCE1765965716
Regulatory Notifications: U.S. Department of Health and Human Services
Lessons Learned and Recommendations
What recommendations were made to prevent future incidents ?
Incident : Data Breach MCE1765965716
Recommendations: Carefully review any notice or communication from McElroy & Associates or your provider., Monitor financial accounts and credit reports for signs of identity theft., Consider placing fraud alerts or credit freezes with the major credit bureaus., Be cautious of unsolicited emails or phone calls requesting personal information.Carefully review any notice or communication from McElroy & Associates or your provider., Monitor financial accounts and credit reports for signs of identity theft., Consider placing fraud alerts or credit freezes with the major credit bureaus., Be cautious of unsolicited emails or phone calls requesting personal information.Carefully review any notice or communication from McElroy & Associates or your provider., Monitor financial accounts and credit reports for signs of identity theft., Consider placing fraud alerts or credit freezes with the major credit bureaus., Be cautious of unsolicited emails or phone calls requesting personal information.Carefully review any notice or communication from McElroy & Associates or your provider., Monitor financial accounts and credit reports for signs of identity theft., Consider placing fraud alerts or credit freezes with the major credit bureaus., Be cautious of unsolicited emails or phone calls requesting personal information.
References
Where can I find more information about each incident ?
Incident : Data Breach MCE1765965716
Source: McElroy & Associates Notice of Data Security Event
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: McElroy & Associates Notice of Data Security Event.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Data Breach MCE1765965716
Investigation Status: Completed analysis of impacted data (as of 2025-09-03)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Notified affected individuals by mail, posted Notice of Data Security Event on website and dedicated helpline.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Data Breach MCE1765965716
Customer Advisories: Dedicated helpline at 833-866-9545 (8 a.m. to 8 p.m. ET)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: was Dedicated helpline at 833-866-9545 (8 a.m. to 8 p.m. ET).
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Data Breach MCE1765965716
Entry Point: Employee email account
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Unauthorized Actor.
Incident Details
What was the most recent incident detected ?
Most Recent Incident Detected: The most recent incident detected was on 2025-05-30.
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2025-10-17.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident were PII and PHI of 6 and633 individuals.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Secured email environment.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were PII and PHI of 6 and633 individuals.
What was the number of records exposed in the most significant breach ?
Number of Records Exposed in Most Significant Breach: The number of records exposed in the most significant breach was 6.6K.
Lessons Learned and Recommendations
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Be cautious of unsolicited emails or phone calls requesting personal information., Carefully review any notice or communication from McElroy & Associates or your provider., Consider placing fraud alerts or credit freezes with the major credit bureaus. and Monitor financial accounts and credit reports for signs of identity theft..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident is McElroy & Associates Notice of Data Security Event.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Completed analysis of impacted data (as of 2025-09-03).
Stakeholder and Customer Advisories
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued was an Dedicated helpline at 833-866-9545 (8 a.m. to 8 p.m. ET).
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Employee email account.
.png)
Latest Global CVEs (Not Company-Specific)
Description
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the processBackgroundAction() function in all versions up to, and including, 10.0.04. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify global map engine settings.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Description
The Save as PDF Plugin by PDFCrowd plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘options’ parameter in all versions up to, and including, 4.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: Successful exploitation of this vulnerability requires that the PDFCrowd API key is blank (also known as "demo mode", which is the default configuration when the plugin is installed) or known.
Risk Information
cvss3
Base: 6.1
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Description
The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the action_import_module() function in all versions up to, and including, 7.8.9.2. This makes it possible for authenticated attackers, with a lower-privileged role (e.g., Subscriber-level access and above), to upload arbitrary files on the affected site's server which may make remote code execution possible. Successful exploitation requires an admin to grant Hustle module permissions (or module edit access) to the low-privileged user so they can access the Hustle admin page and obtain the required nonce.
Risk Information
cvss3
Base: 7.5
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
The WP Directory Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.9 via the wdk_public_action AJAX handler. This makes it possible for unauthenticated attackers to extract email addresses for users with Directory Kit-specific user roles.
Risk Information
cvss3
Base: 5.3
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Description
The Meta-box GalleryMeta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Risk Information
cvss3
Base: 4.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
References
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L119
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/gallerymetaboxes.php#L314
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L31
- https://plugins.trac.wordpress.org/browser/meta-box-gallerymeta/tags/3.0.1/templates/single-mb_gallery.php#L33
- https://www.wordfence.com/threat-intel/vulnerabilities/id/bb9ae252-7e5f-4dc0-a162-100493b81980?source=cve
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=mcelroy-associates' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
