While the ransomware attack on the Oregon Department of Environmental Equality (DQE) is making headlines this month, there was also an update to a lawsuit stemming from the MOVEit breach in 2023 that affected 3.5 million Oregonians whose driver’s license and identity information was held by the Oregon Driver and Motor Vehicle Services. Aimee Green…
Search Results for: MOVEit
Late Discovery: CMS and Wisconsin Physicians Service Insurance Corporation notify 947k of last year’s MOVEit data breach
Susan Morse reports: The Centers for Medicare and Medicaid Services and Wisconsin Physicians Service Insurance Corporation are mailing written notifications to 946,801 people whose protected health information or other personally identifiable information may have been compromised in a cyber breach. A security vulnerability was found in MOVEit software, a third-party application used in the transfer…
One year on, University System of Georgia admits MOVEit attack hit data of 800k people
Connor Jones reports: Just short of a year after the initial incident, the state of Georgia’s higher education government agency has confirmed that it was the victim of an attack on its systems affecting the data of 800,000 people. University System of Georgia (USG), which oversees 26 higher education institutions in the state, filed a disclosure with…
Oregon DMV sued over 2023 MOVEit data breach
In June 2023, DataBreaches reported that the Oregon Department of Motor Vehicles (DMV) had become a victim of the MOVEit breach by Clop. The DMV reported that 3.5 million drivers may have been affected. At the time, the state issued a statement saying, in part: We do not have the ability to identify if any…
CMS Notifies Additional Individuals Potentially Impacted by MOVEit Data Breach
As part of an ongoing investigation into the May 2023 data breach of Progress Software’s MOVEit Transfer software on the corporate network of Maximus Federal Services, Inc. (Maximus Federal Services), a contractor to the Medicare program, the Center for Medicare & Medicaid Services (CMS) has learned of additional individuals whose personally identifiable information (PII) may…
MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246)
Helga Labus reports: A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. […] The (limited) attacks were first spotted by the Microsoft Threat Intelligence team, and they notified Israeli software maker SysAid about them on November…