This article has been reviewed according to Science X's editorial process and policies. Editors have highlighted the following attributes while ensuring the content's credibility:


reputable news agency


The latest victim of the MOVEit data breach is the Department of Health and Human Services

data breach
Credit: Pixabay/CC0 Public Domain

Federal health officials have notified Congress of a data breach that could involve the information of more than 100,000 people.

A representative of the U.S. Department of Health and Human Services said Thursday that attackers gained access to the department's data by exploiting a vulnerability in widely used file-transfer software.

Other , major pension funds and private businesses also have been affected by a Russian ransomware gang's so-called supply chain hack of the software MOVEit.

The HHS official did not provide details on the type of data affected but said none of the department's systems or networks were compromised. Instead, the hackers accessed data managed by third-party vendors that the official did not name.

HHS reported to Congress on Tuesday what it considers to be a "major incident," which occurs when the data of 100,000 people or more is affected, the official said.

The breach of the MOVEit file-transfer program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy, other , more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

On Wednesday, the Tennessee Consolidated Retirement System said the data of more than 171,000 retirees and beneficiaries was involved in the breach. Last week, California's public pension fund said the of more than 769,000 retired workers and beneficiaries had been stolen.

The parent company of MOVEit's U.S. maker, Progress Software, alerted customers to the on May 31 and issued a patch. But cybersecurity researchers say scores—maybe hundreds—of companies could by then have had sensitive data quietly exfiltrated.

The Cl0p ransomware syndicate behind the hack has indicated that it would extort victims, threatening to dump their data online if they don't pay up.

© 2023 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

Citation: The latest victim of the MOVEit data breach is the Department of Health and Human Services (2023, June 29) retrieved 7 December 2023 from
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Personal data of more than 700,000 retired California workers and beneficiaries have been stolen


Feedback to editors