Heimdal

U.S. government service contracting giant Maximus has disclosed a data breach, warning that threat actors stole the personal data (including Social Security numbers and protected health information) of 8 to 11 million people by exploiting a vulnerability in MOVEit Transfer.

Maximus is a contractor that oversees and runs US government-sponsored initiatives, such as student loan servicing and federal and local healthcare programs. The corporation, which has operations in the United States, Canada, Australia, and the United Kingdom, has 34,300 employees and generates yearly revenues of around $4.25 billion.

Details About the Breach: The Latest Victim of the MOVEit Campaign

In an 8-K form filed on Wednesday with the Securities and Exchange Commission (SEC), Maximus disclosed that the threat actors stole the data by leveraging the CVE-2023-34362 vulnerability. This vulnerability was frequently exploited by the Clop ransomware gang to infiltrate hundreds of prominent businesses worldwide.

The company promptly commenced an investigation of the incident with the assistance of outside legal, forensic, and data analytics experts and has taken remedial steps to address the reported vulnerability. After investigations, Maximus found no indication that the threat actors progressed further than the MOVEit environment, which was immediately isolated from the rest of the company’s network.

Based on the review of impacted files to date, [Maximus] believes those files contain personal information, including social security numbers, protected health information and/or other personal information, of at least 8 to 11 million individuals to whom the company anticipates providing notice of the incident.

Maximus’s 8-K Form (Source)

It would take “several more weeks” for the company to correctly identify the number of individuals affected by the breach. If the number is close to or higher than the maximum estimation of 11 million individuals, it would be the largest breach of healthcare data this year, and the most significant data breach reported as a result of the MOVEit mass-hacks. In its 8-K filing, the company stated that it had started contacting affected consumers and federal and state regulators. It also stated that it anticipated the investigation and remediation of the security breach would cost about $15 million.

Clop Hits Again

Maximus was one of a large batch of 70 new victims that the Clop ransomware group added to its dark web data leak site yesterday. All of these victims were compromised utilizing the MOVEit zero-day vulnerability.

According to the entry on Clop’s website, 169GB of data was taken during the hack on Maximus’ MOVEit Transfer server. No information has been exposed yet, so the extortion scheme is still active.

The Clop ransomware gang has turned to more aggressive extortion techniques as the list of MOVEit zero-day victims grows and the sheer scale of the attack partially normalises large-scale data breaches that have compromised the data of hundreds of millions.

Recently, they started using clearweb sites to publish the stolen information of certain businesses, which gives them additional leverage over the victims by making the information more widely available.

Heimdal® Keeps You Patched

Unpatched applications are a common cause of breaches in companies. In most cases, patches and vulnerabilities slip past your IT team because of poor patching techniques or heavy reliance on manual patching. To keep you protected at all times, an automated patch management solution, such as Heimdal®’s Patch & Asset Management, seems to be the way to go.

Heimdal®’s Patch & Asset Management is a fully automated and customizable patching solution that will help your company patch Windows, Linux, macOS, third-party, and even proprietary apps, all in one place, from anywhere in the world, at any time. With our solution, you will be able to patch endpoints across your entire organization in less than 4 hours, improving your company’s overall cybersecurity and security posture by keeping you compliant with the latest industry standards (GDPR, UK PSN, HIPAA, PCI-DSS, NIST).

Enjoy a customizable, hyper-automated tool that you govern!

Install and Patch Software. Close Vulnerabilities. Achieve Compliance.

Heimdal® Patch & Asset Management

Remotely and automatically install Windows, Linux and 3rd party patches and manage your software inventory.
  • Create policies that meet your exact needs;
  • Full compliance and CVE/CVSS audit trail;
  • Gain extensive vulnerability intelligence;
  • And much more than we can fit in here...

If you want to keep up to date with everything we post, don’t forget to follow us on LinkedIn, Twitter, Facebook, YouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Cristian Neagu

CONTENT EDITOR


Cristian is a Content Editor & Creator at Heimdal®, where he developed a deep understanding of the digital threat landscape. His style resonates with both technical and non-technical readers, proof being in his skill of communicating cybersecurity norms effectively, in an easy-to-understand manner.
