Massive data breach...
Thousands of organizations use MOVEit software from Progress Software to encrypt and transfer files back/forth.
Russian hackers found a hole and exploited it. Progress patched the hole fairly quickly, but estimates suggest ~50%+ of affected organizations still haven't installed the MOVEit update.
So far, estimates put the total number of breach victims for this incident at ~500+ organizations and ~35+ Billion individuals.
Publicly known to have been affected:
- U.S. Department of Energy
- Shell Oil
- First National Bankers Bank
- First Merchants Bank
- Putnam Investments
- Datasite
- OKK
- Leggett & Platt
- PricewaterhouseCoopers (PwC)
- Ernst & Young
- Health Services Ireland
- BBC
- British Airways
- Boots Retail
- Medibank
- Rochester Hospital
- GreenShield Canada
- National Student Clearinghouse
- United Healthcare Student Resources
- University System of Georgia
- Heidelberg
- Aer Lingus
- Government of Nova Scotia
- Johns Hopkins University
- Ofcom
- Transport for London (TfL)
- Cambridgeshire County Council
- Gen Digital (parent company of Avast, Norton, and LifeLock)
- New York City Department of Education
- Siemens Energy
- Schneider Electric
- Dublin Airport
- Madison College
- Proskauer
- City National Bank
- Teachers Insurance and Annuity Association of America (TIAA)
- Telos
Time to change passwords everywhere, whether the company/site acknowledges the breach or not. Keep both eyes on your financial accounts etc, etc.
More here...
ky331
August 1st, 2023 14:00
Thanks for the information Ron.
As it happens, I recognize (i.e., have business dealings with) one of the aforementioned companies. And indeed, I was just contacted by a representative agency for them, offering me 2 years of complimentary credit monitoring.
RoHe
August 1st, 2023 18:00
That was a short list of the estimated 500+ companies and agencies already known to have been affected by this breach as of the date I posted. Amazing/scary that Gen Digital (parent of Avast, Norton, and LifeLock) got caught up in this when they're supposed to be protecting us from the bad guys.
Since I posted, US Medicare (CMS) informed >600K individuals their healthcare records were breached via an attack at Maximus Federal Services, a Medicare contractor. Medicare is also offering 24 months of free credit monitoring and affected individuals will have to get a new Medicare number.
At least 3 other companies subsequently publicly confirmed data loss because of MOVEit breaches at subcontractors (not necessarily the same subcontractors):
I changed passwords on all my financial accounts, even though, so far, I'm not aware that any of these companies has been affected. Better to be safe than... A financial company I use is in the midst of a massive change to customer accounts and services. Tons of data have been moving back/forth between customers like me and this company in the past ~2 weeks. So I wonder if they'd even notice a MOVEit attack right now...??