June 29, 2023

Editors' notes

This article has been reviewed according to Science X's editorial process and policies. Editors have highlighted the following attributes while ensuring the content's credibility:

fact-checked

reputable news agency

proofread

The latest victim of the MOVEit data breach is the Department of Health and Human Services

by The Associated Press

data breach
Credit: Pixabay/CC0 Public Domain

Federal health officials have notified Congress of a data breach that could involve the information of more than 100,000 people.

A representative of the U.S. Department of Health and Human Services said Thursday that attackers gained access to the department's data by exploiting a vulnerability in widely used file-transfer software.

Other , major pension funds and private businesses also have been affected by a Russian ransomware gang's so-called supply chain hack of the software MOVEit.

The HHS official did not provide details on the type of data affected but said none of the department's systems or networks were compromised. Instead, the hackers accessed data managed by third-party vendors that the official did not name.

HHS reported to Congress on Tuesday what it considers to be a "major incident," which occurs when the data of 100,000 people or more is affected, the official said.

The breach of the MOVEit file-transfer program, discovered last month, is estimated by cybersecurity experts to have compromised hundreds of organizations globally. Confirmed victims include the U.S. Department of Energy, other , more than 9 million motorists in Oregon and Louisiana, Johns Hopkins University, Ernst & Young, the BBC and British Airways.

On Wednesday, the Tennessee Consolidated Retirement System said the data of more than 171,000 retirees and beneficiaries was involved in the breach. Last week, California's public pension fund said the of more than 769,000 retired workers and beneficiaries had been stolen.

The parent company of MOVEit's U.S. maker, Progress Software, alerted customers to the on May 31 and issued a patch. But cybersecurity researchers say scores—maybe hundreds—of companies could by then have had sensitive data quietly exfiltrated.

The Cl0p ransomware syndicate behind the hack has indicated that it would extort victims, threatening to dump their data online if they don't pay up.

© 2023 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.

Citation: The latest victim of the MOVEit data breach is the Department of Health and Human Services (2023, June 29) retrieved 28 April 2024 from https://techxplore.com/news/2023-06-latest-victim-moveit-breach-department.html
This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.

Explore further

Personal data of more than 700,000 retired California workers and beneficiaries have been stolen
1 shares

Feedback to editors
Computer scientists unveil novel attacks on cybersecurity

22 hours ago
Proof of concept study shows path to easier recycling of solar modules

Apr 26, 2024
New circuit boards can be repeatedly recycled

Apr 26, 2024
Researchers develop an automated benchmark for language-based task planners

Apr 26, 2024
Built-in bionic computing: Researchers develop method to control pneumatic artificial muscles

Apr 26, 2024
Custom-made catalyst leads to longer-lasting and more sustainable green hydrogen production

Apr 26, 2024
Researchers outline path forward for tandem solar cells

Apr 26, 2024
Researcher develop high-performance amorphous p-type oxide semiconductor

Apr 26, 2024
Scientists create new atomic clock that is both ultra-precise and sturdy

Apr 26, 2024
A framework to compare lithium battery testing data and results during operation

Apr 26, 2024
Load comments (0)