MOVEit hack claims Calpers and Genworth as millions more victims impacted

The number of victims of the MOVEit hack grew by several million on Thursday after the biggest US pension fund, Calpers, and insurer Genworth Financial said personal information of their members and customers had been compromised.

Both said a third-party vendor, PBI Research Services, was affected in a data theft hack, providing a path for the hackers to then steal data from Calpers and Genworth. PBI could not be reached for comment.

Calpers said on June 6, 2023, PBI told them of a “vulnerability” in their MOVEit Transfer software that allowed hackers to download “our data” without specifying how many people were impacted. News reports said information from more than 700,000 Calpers members and retirees was taken.

The MOVEit software is widely-used by organisations around the world to share sensitive data.

Genworth Financial was harder hit, saying personal information of nearly 2.5 million to 2.7 million of its customers was breached.

“The personal information of a significant number of insurance policyholders or other customers of its life insurance businesses was unlawfully accessed,” Genworth said.

Discover the stories of your interest


From US government departments to the UK’s telecom regulator and energy giant Shell, a range of victims have emerged since Burlington, Massachusetts-based Progress Software found the security flaw in its MOVEit Transfer product last month. The insurer said it is working to ensure “protection services” are provided to the impacted individuals, according to a regulatory filing.

Data taken from Calpers included members’ first and last name, date of birth and social security number. It serves more than 2 million members in its retirement system.

The MOVEit hack has hit several state and federal agencies. Last week, the US Department of Energy got ransom requests from the Russia-linked extortion group Cl0p at both its nuclear waste facility and scientific education facility that were recently hit in a global hacking campaign.

Data was compromised at the two DOE entities after hackers breached their systems through a security flaw in MOVEit Transfer.

The wide-ranging impact of the hack shows how even the most security-minded federal agencies are struggling to defend against ransomware attacks. Ransomware gangs typically scour for such widely-used tools.

Stay on top of technology and startup news that matters. Subscribe to our daily newsletter for the latest and must-read tech news, delivered straight to your inbox.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! TechAI is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.