MOVEit Transfer zero-day mass-exploited in data theft attacks

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,516
HCPF clarifies that while their systems weren't directly compromised, the data exposure occurred through IBM, their contractor, which utilized the MOVEit software. "After IBM notified HCPF that it was impacted by the MOVEit incident, HCPF launched an investigation right away to understand whether the incident impacted its own systems, and to determine whether Health First Colorado or CHP+ members' protected health information was accessed by an unauthorized party," reads the notice.

The investigation revealed that the threat actors managed to access and likely exfiltrated files that contained certain Health First Colorado and CHP+ members' information, including:

  • Full names
  • Social Security Numbers (SSNs)
  • Medicaid ID number
  • Medicare ID number
  • Date of Birth
  • Home address
  • Contact information
  • Income information
  • Demographic data
  • Clinical data (diagnosis, lab results, treatment, medication)
  • Health insurance information
The above data can be utilized to launch effective phishing or social engineering attacks, and can help with identity or bank fraud activity.
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Valuable personal data stolen from third parties and then exploited has been the model for a long time.
100% Your (general) Fort Knox of a setup is useless against this type of third party attack, unless the crooks then target you specifically. They want your money, that's it.

That's why it should be mandatory that affected organizations notify us promptly. My bank was pretty straightforward and matter-of-fact about it, and more importantly: pro-active.

And you, LastPass? 😒
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,516
They are devoting an outsized amount of effort on protecting localhost that is disproportionate to the threats.
I would say most members and guest of the forum consider personal security a hobby, maybe even a sport, an escape from 'you name it' in any case, a harmless pastime. The bigger threat, as you say is the kind of personal data exposure I and others have posted about here in this thread and I think other members understand that, I'll keep reminders coming just in case ;)
 

vtqhtr413

Level 26
Verified
Top Poster
Well-known
Aug 17, 2017
1,516
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion.

A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services. Fiserv was breached in the widespread CLOP MOVEit Transfer data theft attacks that have impacted over 64 million people and two thousand organizations worldwide, according to a report by Emsisooft.

The types of data that were compromised are redacted in the sample data breach notification letters. However, the entry on Maine’s data breach portal lists at least names and Social Security Numbers (SSNs) as stolen by the threat actors. The total number of Flagstar Bank customers impacted by this incident is 837,390 in the United States.
 
  • +Reputation
Reactions: Gandalf_The_Grey

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,355
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The zero-day is CVE-2023-34362, a critical-severity SQL injection flaw that leads to remote code execution, leveraged by the Clop ransomware in large-scale attacks that compromised numerous organizations across the world.

Clop ransomware gang added Sony Group to its list of victims in late June. However, the firm did not provide a public statement until now.

 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top