Health Data of Up to 11 Million Accessed by Hackers in MOVEit Breach

Maximus, a US government contractor, says the health data of up to 11 million individuals was accessed by hackers exploiting a MOVEit zero-day flaw....
Health Data of Up to 11 Million Accessed by Hackers in MOVEit Breach
Written by Staff
  • Maximus, a US government contractor, says the health data of up to 11 million individuals was accessed by hackers exploiting a MOVEit zero-day flaw.

    MOVEit is a secure file transfer utility used by many organizations. Unfortunately, the company behind it discovered a zero-day vulnerability that allowed hackers to gain access, according to an SEC filing by Maximus:

    On May 31, 2023, Progress Software Corporation, the developer of MOVEit (“MOVEit”), a file transfer application used by many organizations to transfer data, announced a critical zero-day vulnerability in the application that allowed unauthorized third parties to access its customers’ MOVEit environments. It appears that a significant number of commerhttps://www.sec.gov/ix?doc=/Archives/edgar/data/1032220/000103222023000061/mms-20230726.htmcial and government customers worldwide were affected by this vulnerability. Maximus, Inc. (“Maximus” or the “Company”) uses MOVEit for internal and external file sharing purposes, including to share data with government customers pertaining to individuals who participate in various government programs. The Company believes that the personal information of a significant number of individuals was accessed by an unauthorized third party by exploiting this MOVEit vulnerability. The Company is cooperating with law enforcement regarding this cybersecurity incident.

    Maximus estimates that investigation and remediation costs will come in at $15 million.

    Get the WebProNews newsletter delivered to your inbox

    Get the free daily newsletter read by decision makers

    Subscribe
    Advertise with Us

    Ready to get started?

    Get our media kit