MOVEit Transfer zero-day mass-exploited in data theft attacks

vtqhtr413

HCPF clarifies that while their systems weren't directly compromised, the data exposure occurred through IBM, their contractor, which utilized the MOVEit software. "After IBM notified HCPF that it was impacted by the MOVEit incident, HCPF launched an investigation right away to understand whether the incident impacted its own systems, and to determine whether Health First Colorado or CHP+ members' protected health information was accessed by an unauthorized party," reads the notice.

The investigation revealed that the threat actors managed to access and likely exfiltrated files that contained certain Health First Colorado and CHP+ members' information, including:

  • Full names
  • Social Security Numbers (SSNs)
  • Medicaid ID number
  • Medicare ID number
  • Date of Birth
  • Home address
  • Contact information
  • Income information
  • Demographic data
  • Clinical data (diagnosis, lab results, treatment, medication)
  • Health insurance information
The above data can be utilized to launch effective phishing or social engineering attacks, and can help with identity or bank fraud activity.
 

plat

Valuable personal data stolen from third parties and then exploited has been the model for a long time.
100% Your (general) Fort Knox of a setup is useless against this type of third party attack, unless the crooks then target you specifically. They want your money, that's it.

That's why it should be mandatory that affected organizations notify us promptly. My bank was pretty straightforward and matter-of-fact about it, and more importantly: pro-active.

And you, LastPass? 😒
 

vtqhtr413

They are devoting an outsized amount of effort on protecting localhost that is disproportionate to the threats.
I would say most members and guests of the forum consider personal security a hobby, maybe even a sport, an escape from 'you name it', in any case, a harmless pastime. The bigger threat, as you say, is the kind of personal data exposure I and others have posted about here in this thread and I think other members understand that, I'll keep reminders coming just in case ;)
 

vtqhtr413

Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider. Flagstar, now owned by the New York Community Bank, is a Michigan-based financial services provider that, before its acquisition last year, was one of the largest banks in the United States, having total assets of over $31 billion.

A data breach notification sent to impacted customers explains that Flagstar was indirectly impacted by Fiserv, a vendor it uses for payment processing and mobile banking services. Fiserv was breached in the widespread CLOP MOVEit Transfer data theft attacks that have impacted over 64 million people and two thousand organizations worldwide, according to a report by Emsisoft.

The types of data that were compromised are redacted in the sample data breach notification letters. However, the entry on Maine’s data breach portal lists at least names and Social Security Numbers (SSNs) as stolen by the threat actors. The total number of Flagstar Bank customers impacted by this incident is 837,390 in the United States.
 

Ink

Administrator
Thread author
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.

The company sent the data breach notification to about 6,800 individuals, confirming that the intrusion occurred after an unauthorized party exploited a zero-day vulnerability in the MOVEit Transfer platform.

The zero-day is CVE-2023-34362, a critical-severity SQL injection flaw that leads to remote code execution, leveraged by the Clop ransomware in large-scale attacks that compromised numerous organizations across the world.

Clop ransomware gang added Sony Group to its list of victims in late June. However, the firm did not provide a public statement until now.

 
