vz-risk / VCDB

VERIS Community Database

Nova Scotians’ personal information stolen in global security breach: province - MoveIt #19817

Open swidup opened 1 year ago

swidup commented 1 year ago

https://atlantic.ctvnews.ca/nova-scotians-personal-information-stolen-in-global-security-breach-province-1.6426804

"The province has yet to determine what information may have been taken or how many Nova Scotians could be affected by the breach to software company MoveIt's products, Cyber Security and Digital Solutions Minister Colton LeBlanc said in a Sunday news conference."

https://www.reuters.com/technology/moveit-hack-spawned-around-600-breaches-isnt-done-yet-cyber-analysts-2023-08-08/

"For example, when cl0p subverted the MOVEit software used by a company called Pension Benefit Information, which specializes in locating surviving family members of pension fund holders, they gained access to the data of the New York-based Teachers Insurance and Annuity Association of America, which in turn manages pension programs for 15,000 institutional clients, many of whom have spent the past weeks notifying employees of their exposure."

swidup commented 1 year ago

https://www.saltwire.com/atlantic-canada/news/nova-scotians-personal-information-stolen-in-global-privacy-breach-100860280/

The software made by Progress Software Corp., a Burlington, Massachusetts-based company, allows organizations to transfer files and data.

swidup commented 1 year ago

https://www.bbc.com/news/technology-65814104

The BBC, British Airways, Boots and Aer Lingus are among a growing number of organisations affected by a mass hack.

swidup commented 1 year ago

https://www.thestack.technology/zellis-data-breach/ AON, Amex, American Fidelity, Equiniti, Hess, KPMG and Xilinx

swidup commented 1 year ago

Minnesota Department of Education https://sahanjournal.com/education/minnesota-department-education-hacked-moveit/

swidup commented 1 year ago

https://www.govinfosecurity.com/moveit-discloses-more-vulnerabilities-issues-patch-a-22274 more vulns found.

swidup commented 1 year ago

https://www.govtech.com/security/illinois-impacted-by-wide-ranging-ransomware-attack Illinois government agencies

Also Maine https://www.wabi.tv/2023/11/09/state-maine-notifying-individuals-impacted-by-global-data-breach-back-may/

https://www.pressherald.com/2023/11/09/state-russian-speaking-cyber-hack-reached-maine-affecting-personal-data/

and Texas Medicaid https://www.dallasnews.com/business/health-care/2023/11/09/info-from-texas-medicaid-recipients-may-be-part-of-massive-data-breach/

swidup commented 1 year ago

Ofcom https://www.bbc.com/news/technology-65877210

swidup commented 1 year ago

More government agencies https://www.govinfosecurity.com/breach-roundup-more-moveit-victims-including-us-government-a-22308

Louisiana Office of Motor Vehicles https://www.nola.com/news/heres-what-to-do-after-huge-louisiana-omv-data-breach/article_63780a8e-0bc2-11ee-b595-971851fe8a39.html

Oregon Department of Transportation https://oregoncapitalchronicle.com/2023/06/15/data-breach-could-affect-3-5-million-oregonians/ 3.5 million

US Department of Energy https://www.reuters.com/technology/us-energy-dept-got-two-ransom-requests-cl0p-data-breach-2023-06-16/

US Department of Health and Human Services https://www.wftv.com/news/health/latest-victim-moveit/I7IUYH3NJNGNJNNWT7CH4PBFRI/

Illinois Department of Innovation & Technology https://www.illinois.gov/news/press-release.26654.html

Missouri https://www.bleepingcomputer.com/news/security/missouri-warns-that-health-info-was-stolen-in-ibm-moveit-data-breach/

Jackson County https://www.wtvy.com/2023/08/08/medical-data-breach-affects-jackson-county-patients/

UMass Chan Medical School https://www.boston25news.com/news/local/massachusetts-health-officials-warn-data-breach-affecting-more-than-134000-people-state-says/INS76OYBWNCVVCDT36QVTRUV5U/

Clop ransomware MOVEit attacks exposed email addresses of 632,000 Pentagon & DoJ employees https://www.techfinitive.com/clop-ransomware-moveit-attacks-pentagon/

swidup commented 1 year ago

Johns Hopkins https://www.wypr.org/wypr-news/2023-06-15/johns-hopkins-data-breach-may-have-exposed-personal-information-of-students-and-patients

https://healthitsecurity.com/news/johns-hopkins-health-system-suffers-cyberattack

Oregon Health Plan (OHP) via PH TECH https://healthitsecurity.com/news/vendor-data-breach-impacts-1.7m-oregon-health-plan-members

"As previously reported, dozens of organizations around the world have been reporting breaches stemming from a vulnerability in the MOVEit Transfer software, including Allegheny County in Pennsylvania, UT Southwestern Medical Center, and Johns Hopkins All Children’s Hospital.

At PH TECH, following notification from Progress Software, the company immediately moved its system offline and informed the FBI of the incident."

swidup commented 1 year ago

University System of Georgia https://www.augustachronicle.com/story/news/crime/2023/06/15/usg-says-software-likely-breached-by-cybercriminals-data-exposed/70326256007/

swidup commented 1 year ago

Umpqua Bank https://www.kgw.com/article/news/investigations/umpqua-bank-impacted-global-cyberattack/283-e33e2280-2b14-4f1c-8ca2-9561f6ac7578

Data Breach at Fidelity National Information Services Impacts Customers at Several Large Banks https://www.jdsupra.com/legalnews/data-breach-at-fidelity-national-2260724/

swidup commented 1 year ago

CalPERS https://www.sacbee.com/news/politics-government/capitol-alert/article276638381.html 769,000

swidup commented 1 year ago

Genworth Financial says up to 2.7M customers' data exposed in breach - PBI Research Services https://seekingalpha.com/news/3982231-genworth-says-up-to-27m-customers-data-exposed-in-breach Another downstream customer breached

swidup commented 1 year ago

Vitality Group https://www.jdsupra.com/legalnews/vitality-group-confirms-moveit-1611521/

swidup commented 1 year ago

Tennessee Consolidated Retirement System (TCRS) https://www.claiborneprogress.net/2023/06/29/state-treasurer-alerts-retirees-of-breach-in-vendor-data-security/

swidup commented 1 year ago

National Student Clearinghouse https://www.databreaches.net/national-student-clearinghouse-notifies-schools-of-moveit-breach/

SUNY Broome downstream from National Student Clearinghouse, TIAA Cref and Corebridge. https://www.wbng.com/2023/08/07/suny-broome-impacted-by-statewide-data-breach/

Michigan State University https://wwmt.com/news/state/michigan-state-announces-third-party-data-breach-impacting-school-community

swidup commented 1 year ago

Middlebury College https://www.middlebury.edu/announcements/announcements/2023/06/information-security-notice

swidup commented 1 year ago

UCLA https://www.nbclosangeles.com/news/local/ucla-among-victims-of-worldwide-cyber-attack-2/3179065/

swidup commented 1 year ago

https://therecord.media/data-of-sixteen-million-exposed-moveit

"Just this week, [the University of California, Los Angeles, Siemens Energy and Schneider Electric] revealed that they had data accessed through the MOVEit vulnerability.

Bloomberg and the Associated Press reported that the Department of Health and Human Services is the fourth federal department or agency to be involved in the MOVEit fiasco. Department officials allegedly told Congress that more than 100,000 people were affected by their data breach.

The departments of Energy and Agriculture, as well as the Office of Personnel Management, were also affected by the issue."

swidup commented 1 year ago

Dublin Airport Via Aon: https://www.thetimes.co.uk/article/dublin-airport-staff-pay-benefits-compromised-cyber-attack-mpst8jcjk

swidup commented 1 year ago

Union Bank and Trust Company https://www.jdsupra.com/legalnews/union-bank-and-trust-company-notifies-6440595/

swidup commented 1 year ago

Department of Health and Human Services (HHS) and the Centers for Medicare & Medicaid Services (CMS) https://www.homecaremag.com/news/cms-responds-data-breach-contractor via Maximus Federal Services, Inc.

Also Georgia Department of Community Health via Maximus. https://www.fox5atlanta.com/news/georgia-department-of-community-health-services-possibly-hacked-by-russian-cybercriminals

CMS Notifies Additional Individuals Potentially Impacted by MOVEit Data Breach (via Maximus Federal Services) https://www.cms.gov/newsroom/press-releases/cms-notifies-additional-individuals-potentially-impacted-moveit-data-breach

swidup commented 1 year ago

IBM https://techcrunch.com/2023/08/14/millions-americans-health-data-moveit-hackers-clop-ibm

Colorado is via IBM apparently https://www.bleepingcomputer.com/news/security/colorado-warns-4-million-of-data-stolen-in-ibm-moveit-breach/

Also Colorado is affected from Maximus Human Services https://www.9news.com/article/news/crime/human-services-provider-data-security-incident/73-ce08cea2-4326-443b-b4dd-86b3e47415fb

https://cybernews.com/news/colorado-hcpf-ibm-data-breach/ medical data compromised as well.

Janssen CarePath https://www.teiss.co.uk/news/news-scroller/ibm-data-breach-compromised-the-personal-data-of-janssen-carepath-customers-12828

Johnson & Johnson via IBM/CarePath https://www.bankinfosecurity.com/ibm-says-631k-affected-in-johnson-johnson-database-breach-a-23335

swidup commented 1 year ago

U.S. Division of Ernst & Young Experiences MOVEit Data Breach Affecting Bank of America Clients https://www.jdsupra.com/legalnews/u-s-division-of-ernst-young-experiences-8946212/

swidup commented 1 year ago

New York Life data exposed in third-party breach https://cybernews.com/news/new-york-life-insurance-company-data-breach/

swidup commented 1 year ago

Indiana’s Medicaid system Via Maximus Health Services https://fox59.com/news/ransomware-group-with-russian-ties-behind-indianas-medicaid-data-security-breach/

Over 100,000 Pima County residents PII stolen in data breach Also via Maximus https://www.kvoa.com/news/over-100-000-pima-residents-pii-stolen-in-data-breach/article_53616eec-475e-11ee-8539-f7c826bbce79.html

swidup commented 1 year ago

United Bank announces breach involving Camden Clark data https://www.newsandsentinel.com/news/business/2023/08/united-bank-announces-breach-involving-camden-clark-data/

swidup commented 1 year ago

Temple Terrace Fire Department https://www.ems1.com/cyber-attacks/articles/fla-fds-ambulance-billing-hit-by-data-breach-FuwZ39cJnIoQT9Wt/

swidup commented 1 year ago

PokerStars data breach exposes over 110K customers https://cybernews.com/news/pokerstars-data-breach/

swidup commented 1 year ago

Pôle emploi, the French governmental agency responsible for unemployment registration and financial aid 10 million affected there https://winbuzzer.com/2023/08/30/massive-data-breach-at-french-unemployment-agency-exposes-millions-xcxwbn/

swidup commented 1 year ago

18 million Eversource Energy customers affected https://www.cambridgeday.com/2023/08/29/every-eversource-customer-in-the-state-is-exposed-by-data-breach-but-solar-program-is-hit-the-worst/

swidup commented 1 year ago

Community Trust Bank, Inc. https://www.jdsupra.com/legalnews/community-trust-bank-inc-confirms-6942214/

swidup commented 1 year ago

Baylor College of Medicine, Vitality Group LLC https://www.click2houston.com/news/local/2023/09/14/vendor-used-by-baylor-college-of-medicine-for-employee-wellness-portal-reports-possible-data-breach/

swidup commented 1 year ago

Shell says Australian unit BG Group hit by MOVEit cybersecurity breach https://www.reuters.com/business/energy/shell-says-australian-unit-hit-by-moveit-data-breach-2023-09-14/

Healthcare IT Service Provider IBM Data Breach Impacts Johnson & Johnson Customers https://www.cpomagazine.com/cyber-security/healthcare-it-service-provider-ibm-data-breach-impacts-johnson-johnson-customers/

Harris Health System https://www.click2houston.com/news/local/2023/09/12/thousands-of-houston-healthcare-patients-warned-about-massive-data-breach/

swidup commented 1 year ago

Northfield Bank https://www.jdsupra.com/legalnews/northfield-bank-reports-third-party-5508179/

Cadence Bank https://www.jdsupra.com/legalnews/cadence-bank-confirms-moveit-data-5123726/

North Mississippi Health Services via Cadence Bank https://www.djournal.com/news/business/cadence-announces-third-party-data-breach-that-could-affect-nmhs-patients/article_287eddf8-7847-11ee-9b0c-4b89a8908b11.html

swidup commented 1 year ago

Grand Valley State University https://lanthorn.com/99634/news/third-party-data-breach-exposes-gv-students-info/

swidup commented 1 year ago

https://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html

The company on Friday said that Clop group may have stolen personal data at numerous North Carolina hospitals and other health care providers, including:

Atrium Health, the Charlotte-based health care system giant. Catawba Valley Medical Center in Hickory. Charlotte Radiology. Duke University Health System. DLP Central Carolina Medical Center in Sanford. Greenville-based ECU Health. Pinehurst-based FirstHealth of the Carolinas. Asheville-based Mission Health System. Winston-Salem-based Novant Health. Novant Health New Hanover Regional Medical Center in Wilmington. Chapel Hill-based UNC Health. Raleigh-based Wake Radiology Diagnostic Imaging. Raleigh-based WakeMed Health & Hospitals.

swidup commented 1 year ago

Sony https://www.hcamag.com/us/specialization/hr-technology/over-6000-individuals-hit-in-sony-data-breach-reports/462426 6800 affected

"Sony has confirmed that it was attacked by threat actors which exploited a zero-day vulnerability in its MOVEit Transfer platform, where two cases of significant data breaches were seen. The first one occurred last May 28, but it was only until June 2 when Sony discovered that its data was accessed and stolen from it by an unauthorized group.

Those that were affected were its 6,800 former and current employees, along with their family members whose data was stored in Sony's databases. The Clop ransomware gang was responsible for the attack, centering on the CVE-2023-34362, a high-severity SQL injection flaw that allowed access to sensitive data including credit card details, personal user information, and passwords."

swidup commented 1 year ago

Flagstar Bank of Michigan https://www.itworldcanada.com/article/cyber-security-today-oct-9-2023-us-bank-notifies-over-800000-of-a-moveit-hack-data-stolen-from-dna-test-service-and-more/548594 800,000

https://www.clickondetroit.com/news/local/2023/10/17/flagstar-bank-warns-customers-about-serious-data-breach-in-us/

"Fiserv, a third-party vendor used by legacy New York Community Bank and legacy Flagstar Bank for payment processing and mobile banking services, was affected by a zero-day vulnerability in the MOVEit secure file transfer application."

swidup commented 1 year ago

Westat Inc., Medical University Hospital Authority’s MUSC Health https://muschealth.org/westat-data-incident

Cape Fear Valley Health via Westat https://www.mydailyrecord.com/news/personal-info-of-local-patients-risked-in-data-breach/article_f04a39a8-7023-11ee-84a5-6f4388be8b2a.html

swidup commented 1 year ago

RCM Company https://healthitsecurity.com/news/rcm-company-reports-data-breach-tied-to-moveit-software-1.9m-impacted

swidup commented 1 year ago

San Diego PACE

San Diego PACE, a specialized health plan for individuals over 55 years of age, has confirmed that the information of some of its members has been stolen in a cyberattack on one of its vendors. Cognisight is a business associate that provides healthcare management services to San Diego PACE and uses Progress Software’s MOVEit solution for file transfers. The MOVEit solution was compromised in late May and on June 5, 2023, it was confirmed that some plan member data had been stolen. The delay in issuing notifications was due to the time taken to review the affected files and obtain up-to-date contact information. Affected individuals have been offered complimentary credit monitoring services.

https://www.hipaajournal.com/236000-fairfax-oral-and-maxillofacial-surgery-ransomware-attack/

swidup commented 1 year ago

Over 9,500 Bank of Canton customers may have had personal information exposed due to data breach via Fiserv https://www.boston25news.com/news/local/over-9500-bank-canton-customers-may-have-had-personal-information-exposed-due-data-breach/A5KVGXA7SZE3ZCDZ364LTMOUXI/

swidup commented 1 year ago

New York Life https://cybernews.com/news/new-york-life-data-breach-moveit/

swidup commented 1 year ago

NASCO https://www.prnewswire.com/news-releases/nasco-provides-notification-and-support-related-to-data-security-incident-301970341.html

swidup commented 1 year ago

CCleaner https://www.techradar.com/pro/security/ccleaner-hit-by-data-breach-that-saw-customer-data-stolen-blames-moveit-hack

NASCO https://cybernews.com/news/nasco-moveit-data-breach/

swidup commented 1 year ago

Piscataqua Savings Bank https://news.yahoo.com/piscataqua-savings-bank-customer-information-092822700.html

swidup commented 1 year ago

WELLTOK, INC. https://www.marketwatch.com/press-release/welltok-inc-provides-notice-of-data-privacy-event-related-to-progress-software-incident-388b8214

89,500 St. Bernards Healthcare Patients via WELLTOK https://www.hipaajournal.com/ransomware-harris-center-mental-health-fams/

https://techcrunch.com/2023/11/20/hackers-accessed-sensitive-health-data-of-welltok-patients/

Welltok announces data breach that may affect CHI Memorial patients https://www.local3news.com/local-news/welltok-announces-data-breach-that-may-affect-chi-memorial-patients/article_4d2e5934-a7fa-11ee-be25-b7acc99837d4.html

Yale New Haven Health https://ctmirror.org/2024/01/04/ct-welltok-data-breach-ynhh/

swidup commented 1 year ago

https://www.helpnetsecurity.com/2023/11/09/exploited-cve-2023-47246/ New vuln being exploited against these instances.

swidup commented 1 year ago

Sun Life Financial https://www.teiss.co.uk/news/sun-life-financial-says-moveit-data-breach-impacted-more-than-212k-us-customers-13104

"Sun Life Financial, a leading international financial services organisation, said it suffered a major data breach that affected the personal information of more than 212,000 individuals."