Marsh & McLennan reportedly said in a recent breach notification that it found the breach on April 26 and that an “unauthorized actor had leveraged a vulnerability in a third party’s software since at least April 22.”
The company shut down the breach on April 30, according to the notification.