Today, we are going to report on two recent data leakages caused by the well-known MOVEit Transfer attack.
The first incident involved a state government agency the Colorado Department of Health Care Policy & Financing (HCPF). The organization provides protection for low-income families, the elderly and people with disabilities. HCPF used an IBM contractor, which in turn used MOVEit software.
Following the revelation that IBM was one of the victims of the MOVEit transfer attack, the HCPF said it had launched an internal investigation to understand whether the incident impacted its own systems and to determine the number of affected. The investigation revealed that the data of more than 4 million people had been compromised. In a data leak notification to those affected, the HCPF claimed that its other internal databases had not been accessed by an unauthorized party.
Disclosed information belonged to certain Health First Colorado and CHP+ members' and contained:
- First and last names
- Social Security Numbers
- Medicaid ID number
- Medicare ID number
- Date of Birth
- Address
- Contact information
- Income information
- Demographic data
- Clinical data
- Health insurance information.
The second case exposes personal data of the Bank of America customers. Ernst & Young (EY), an organization that provides consulting, advisory and tax services to Bank of America, said at the end of June that it had been the victim of a MOVEit Transfer attack.
Following an internal investigation, EY claims that its own and Bank of America's internal systems were not compromised, but clients' personal information was still exposed.
According to EY, the incident disclosed the personal data of more than 30,000 individuals. The leaked data may have included:
- First and last names
- Addresses
- Financial account information
- Debit or credit card numbers
- Social Security Numbers
- Government-issued ID numbers.
In its letter to those involved, EY promised to provide exposed clients with a “complimentary two-year membership in an identity theft protection service.”
You can also read about the Prudential and Nova Scotia incidents caused by the MOVEit vulnerability.
Subscribe to get helpful articles and white papers.
We discuss industry trends and give advice on how to deal with data leaks and cyber incidents.
SearchInform uses four types of cookies as described below. You can decide which categories of cookies you wish to accept to improve your experience on our website. To learn more about the cookies we use on our site, please read our Cookie Policy.
Necessary Cookies
Always active. These cookies are essential to our website working effectively.
Cookies does not collect personal information. You can disable the cookie files
record
on the Internet Settings tab in your browser.
Functional Cookies
These cookies allow SearchInform to provide enhanced functionality and personalization, such as remembering the language you choose to interact with the website.
Performance Cookies
These cookies enable SearchInform to understand what information is the most valuable to you, so we can improve our services and website.
Third-party Cookies
These cookies are created by other resources to allow our website to embed content from other websites, for example, images, ads, and text.
Please enable Functional Cookies
You have disabled the Functional Cookies.
To complete the form and get in touch with us, you need to enable Functional Cookies.
Otherwise the form cannot be sent to us.
Subscribe to our newsletter and receive a bright and useful tutorial Explaining Information Security in 4 steps!
Subscribe to our newsletter and receive case studies in comics!