Start a Conversation

Unsolved

Closed

10 Elder

 • 

44K Posts

488

July 28th, 2023 13:00

Massive data breach...

Thousands of organizations use MOVEit software from Progress Software to encrypt and transfer files back/forth.

Russian hackers found a hole and exploited it. Progress patched the hole fairly quickly, but estimates suggest ~50%+ of affected organizations still haven't installed the MOVEit update.

So far, estimates put the total number of breach victims for this incident at ~500+ organizations and ~35+ Billion individuals.

Publicly known to have been affected:

  • U.S. Department of Energy
  • Shell Oil
  • First National Bankers Bank
  • First Merchants Bank
  • Putnam Investments
  • Datasite
  • OKK
  • Leggett & Platt
  • PricewaterhouseCoopers (PwC)
  • Ernst & Young
  • Health Services Ireland
  • BBC
  • British Airways
  • Boots Retail
  • Medibank
  • Rochester Hospital
  • GreenShield Canada
  • National Student Clearinghouse
  • United Healthcare Student Resources
  • University System of Georgia
  • Heidelberg
  • Aer Lingus
  • Government of Nova Scotia
  • Johns Hopkins University
  • Ofcom
  • Transport for London (TfL)
  • Cambridgeshire County Council
  • Gen Digital (parent company of Avast, Norton, and LifeLock)
  • New York City Department of Education
  • Siemens Energy
  • Schneider Electric
  • Dublin Airport
  • Madison College
  • Proskauer
  • City National Bank
  • Teachers Insurance and Annuity Association of America (TIAA)
  • Telos

Time to change passwords everywhere, whether the company/site acknowledges the breach or not. Keep both eyes on your financial accounts etc, etc.

More here...

3 Apprentice

 • 

15.2K Posts

August 1st, 2023 14:00

Thanks for the information Ron.

As it happens, I recognize (i.e., have business dealings with) one of the aforementioned companies.   And indeed, I was just contacted by a representative agency for them, offering me 2 years of complimentary credit monitoring.

 

10 Elder

 • 

44K Posts

August 1st, 2023 18:00

That was a short list of estimated 500+ companies and agencies already known to have been affected by this breach as of the date I posted.  Amazing/scary that Gen Digital (parent of Avast, Norton, and LifeLock) got caught up in this when they're supposed to be protecting us from the bad guys.

Since I posted, US Medicare (CMS) informed >600K individuals their healthcare records were breached via an attack at Maximus Federal Services, a Medicare contractor. Medicare is also offering 24 months of free credit monitoring and affected individuals will have to get a new Medicare number.

At least 3 other companies subsequently publicly confirmed data loss because of MOVEit breaches at subcontractors (not necessarily the same subcontractors):

  • VALIC Retirement Services Company
  • Sovos Compliance, LLC (financial software company)
  • Pacific Premier Bank (financial services provider)

I changed passwords on all my financial accounts, even though -so far- I'm not aware that any of these companies has been affected.  Better to be safe than... A financial company I use is in midst of a massive change to customer accounts and services. Tons of data have been moving back/forth between customers like me and this company in past ~2 weeks. So I wonder if they'd even notice a MOVEit attack right now...??

No Events found!

Top