Updated News Around the World
The latest victim of the MOVEit data breach is the Department of Health and Human Services
Technology

The latest victim of the MOVEit data breach is the Department of Health and Human Services

By Andrew McCollum
data breach
Credit: Pixabay/CC0 Public Domain

Federal health officials have notified Congress of a data breach that could involve the information of more than 100,000 people.

A representative of the U.S. Department of Health and Human Services said Thursday that attackers gained access to the department’s data by exploiting a vulnerability in widely used file-transfer software.

Other government agencies, major pension funds and private businesses also have been affected by a Russian ransomware gang’s so-called supply chain hack of the software MOVEit.

The HHS official did not provide details on the type of data affected but said none of the department’s systems or networks were compromised. Instead, the hackers accessed data managed by third-party vendors that the official did not name.

HHS reported to Congress on Tuesday what it considers to be a “major incident,” which occurs when the data of 100,000 people or more is affected, the official said.

The breach of the MOVEit file-transfer program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy, other federal agencies, more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

On Wednesday, the Tennessee Consolidated Retirement System said the data of more than 171,000 retirees and beneficiaries was involved in the breach. Last week, California’s public pension fund said the personal data of more than 769,000 retired workers and beneficiaries had been stolen.

The parent company of MOVEit’s U.S. maker, Progress Software, alerted customers to the breach on May 31 and issued a patch. But cybersecurity researchers say scores—maybe hundreds—of companies could by then have had sensitive data quietly exfiltrated.

The Cl0p ransomware syndicate behind the hack has indicated that it would extort victims, threatening to dump their data online if they don’t pay up.

© 2023 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

Citation:
The latest victim of the MOVEit data breach is the Department of Health and Human Services (2023, June 29)
retrieved 29 June 2023
from https://techxplore.com/news/2023-06-latest-victim-moveit-breach-department.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no
part may be reproduced without the written permission. The content is provided for information purposes only.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsUpdate is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Andrew McCollum 109721 posts 0 comments