Connect with us

Malware

IBM MOVEit Data Breach Exposes Missouri’s Health Information to Cybercriminals – Urgent Alert

Missouri authorities issue a warning after a data breach at IBM’s MoveIT platform exposed sensitive health information. The breach affected around 114,000 individuals, potentially compromising their names, addresses, and medical details. While IBM claims no evidence of misuse, affected individuals are advised to monitor their accounts closely and take necessary precautions to protect their personal information.

Published

on

An urgent alert about a data breach exposing Missouri's health information to cybercriminals.

Data Theft Exposes Missouri Medicaid Healthcare Information

IT Services wants to inform the public about a concerning data breach that occurred in Missouri. The state’s Department of Social Services recently revealed that protected Medicaid healthcare information was exposed due to a data theft attack on IBM’s MOVEit software.

This attack was carried out by the Clop ransomware gang, who exploited a zero-day vulnerability, tracked as CVE-2023-34362, to hack into MOVEit Transfer servers starting from May 27th.

As a result of these attacks, the threat actors managed to steal data from more than 600 organizations worldwide, including companies, educational organizations, federal government agencies, and local state agencies. You can find more information about the breach here.

It is estimated that the ransomware gang will profit between $75-100 million from these attacks.

Is the Zacks Data Breach Related to the IBM MOVEit Data Breach?

The latest zacks data breach update does not indicate any direct connection to the IBM MOVEit Data Breach. While both incidents involve data breaches, there is no information suggesting they are linked. It is crucial to address each breach separately and take necessary precautions to ensure data security in all systems.

Missouri Health Data Breach

Yesterday, the Missouri Department of Social Services made a public announcement regarding a data breach that compromised health information related to Medicaid services in the state.

“The Missouri Department of Social Services (DSS) is currently addressing a data security incident that occurred in May 2023, involving IBM Consulting (IBM) and Progress Software’s MOVEit Transfer software,” stated the DSS in their official data breach notification.

IBM confirmed to IT Services that their MOVEit Transfer server was breached during these attacks, leading to the theft of data.

“IBM has been working closely with the Missouri Department of Social Services to investigate and minimize the impact of the incident involving MOVEit Transfer, a non-IBM data transfer program provided by Progress Software,” IBM informed IT Services in a statement.

“Upon receiving a security bulletin from Progress, we immediately severed the connection between MOVEit Transfer and the department’s IT systems to prevent any further impact on the data and privacy of Missouri citizens. No IBM systems were affected by this breach.”

After analyzing the stolen data, the DSS confirmed that it contained protected health information of Medicaid participants in Missouri.

The compromised information may include individuals’ names, department client numbers (DCN), dates of birth, possible benefit eligibility status or coverage, and medical claims information, as explained in the DSS notification.

The DSS is currently reviewing the files associated with this incident, which is a time-consuming process due to their large size, non-plain English format, and complex formatting.

Fortunately, the investigation has revealed that only two social security numbers were exposed, and no banking information has been identified.

Due to the size and complexity of the stolen files, it may take some time for the DSS to fully analyze the data and determine the extent of the breach.

However, as a precautionary measure, the DSS will be sending notifications to all Missouri Medicaid participants who were enrolled in May 2023.

As a response to the breach, the Missouri Department of Social Services advises individuals to freeze their credit to prevent threat actors from opening new accounts or borrowing money using their identities.

The agency also recommends that those affected monitor their credit reports for any unusual activity.

It’s worth noting that the MOVEit Transfer attacks have also affected other state agencies, such as the Louisiana and Oregon Department of Motor Vehicles, who reported in June that millions of state IDs were stolen.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Malware

Cooler Master Admits Potent Data Breach: Customer Information Stolen

Cooler Master has confirmed a recent data breach that exposed customer information. The popular computer hardware company has advised affected users to change their passwords and be cautious of phishing emails, while stressing that no payment information was compromised. Cooler Master is working to strengthen its cybersecurity measures to prevent future breaches.

Published

on

A black and white photo of a single pink rose on a swing is unaffected by the cyber attack, 45,000 people impacted, or the US nuclear lab data breach.

The Cybersecurity Incident You Should Know About

Imagine waking up one morning to find your personal information, including your name, address, and phone number, exposed to the world. It’s a scary thought, right? Well, that’s precisely what happened to some users of a popular computer hardware manufacturer. We’ve recently learned that Cooler Master, a well-known name in the world of computer accessories, has confirmed a data breach that led to the theft of customers’ personal data.

Understanding the Impact of Cooler Master’s Data Breach

Let’s put things into perspective. Imagine you’re a small business owner in the U.S. who purchased computer components from Cooler Master. You entrusted your personal and financial data to a reputable company, only to find out that cybercriminals got their hands on it. This breach can have a lasting effect not only on your peace of mind but also on your finances and reputation.

According to Cooler Master, the data breach affected their online store, exposing customers’ names, email addresses, phone numbers, physical addresses, and order histories. However, they assured customers that no financial data or passwords were compromised.

How Cooler Master Responded to the Breach

Upon discovering the breach, Cooler Master promptly took its online store offline and initiated an investigation. They also notified affected customers and recommended that they remain vigilant for any suspicious activity. While these actions are commendable, it’s essential to recognize that the damage has already been done for some customers.

Why Cybersecurity Should Be a Priority for Everyone

The Cooler Master incident is just one example of why cybersecurity should be a top priority for individuals and businesses alike. Statistics show that data breaches in the U.S. have been on the rise, with over 1,000 reported cases and 155.8 million exposed records in 2020 alone.

Moreover, data breaches can cost businesses millions of dollars in damages. A study by IBM found that the average cost of a data breach in the U.S. is $8.64 million. So, it’s not just about safeguarding your personal information; it’s about protecting your livelihood as well.

What You Can Do to Protect Yourself

As a U.S. reader, you might be wondering how you can protect yourself and your business from falling victim to a data breach. Here are some tips:

  • Stay informed: Keep up to date with the latest cybersecurity news and trends. Knowledge is power, and staying informed will help you take the necessary steps to protect yourself.
  • Use strong passwords: Create unique, complex passwords for all your accounts and update them regularly.
  • Enable multi-factor authentication: This adds an extra layer of security to your accounts, making it more difficult for cybercriminals to gain access.
  • Be cautious with your personal information: Limit the amount of personal information you share online and consider the potential risks before providing it to any company.
  • Invest in cybersecurity: For businesses, it’s crucial to invest in robust cybersecurity measures to protect your company and customer data.

Let’s Keep the Conversation Going

At IT Services, we’re committed to helping you stay informed and protected. We encourage you to contact us for the latest cybersecurity news and information, and keep coming back to learn more. Together, we can build a safer digital future for everyone.

Continue Reading

Malware

BBC Hit by Data Breach: Current and Former Employees’ Confidential Information at Risk

The British Broadcasting Corporation (BBC) has suffered a data breach affecting current and former employees. The breach, which was discovered during a security review, exposed personal information such as names, addresses and National Insurance numbers. The BBC is working with UK authorities to investigate the incident and has notified the affected individuals.

Published

on

Picture this: you’re settling in for a relaxing weekend, and suddenly you hear that the personal information of thousands of people has been compromised in a data security incident. Well, that’s precisely what happened to about 25,000 current and former employees of the BBC. On May 21, unauthorized access to files hosted on a cloud-based service led to the exposure of sensitive data belonging to BBC Pension Scheme members.

What Did the Hackers Get?

Before you start panicking, let’s break down what information was compromised:

  • Full names
  • National Insurance numbers
  • Dates of birth
  • Sex
  • Home addresses

Thankfully, there is a silver lining: the data security incident did not expose people’s telephone numbers, email addresses, bank details, financial information, or ‘myPension Online’ usernames and passwords. And, more good news, the pension scheme portal is still safe to use.

What Happens Now?

The BBC has notified the UK’s Information Commissioner’s Office (ICO) and the Pensions Regulator about the incident. If you’re one of the affected individuals, you’ll receive an email or a letter in the mail; if you don’t receive any notifications, you can breathe a sigh of relief that your information has not been compromised.

Although the BBC has apologized for the incident, there’s no concrete evidence that the exposed data has been misused. However, it’s crucial to remain vigilant and cautious about any unsolicited and unexpected communications that request your personal information or prompt you to take unexpected actions.

For more information on what those impacted should do, visit the National Cyber Security Center (NCSC) webpage.

Lessons Learned

As an IT Services expert, I can’t emphasize enough the importance of data and cybersecurity. This incident serves as a stark reminder that we must always be on our guard and take all necessary precautions to protect our sensitive information. So, what can you do to safeguard your data?

  • Enable two-factor authentication on your accounts
  • Monitor your credit and web presence using services like Experian
  • Stay informed on the latest cybersecurity threats and best practices

Together, we can fight back against cybercriminals and protect our valuable personal information.

Stay Informed and Stay Safe

Here at IT Services, we’re committed to helping you stay informed about the latest cybersecurity threats and best practices. Our mission is to ensure that you have the tools and knowledge you need to protect yourself and your data. So don’t hesitate to reach out to us for advice, and keep coming back for more insights on how to stay one step ahead of cybercriminals.

Continue Reading

Malware

Cooler Master Suffers Devastating Data Breach: Customer Information Exposed and Compromised

Cooler Master, a renowned computer hardware manufacturer, has suffered a data breach compromising customer information. The breach, discovered on August 12, exposed names, email addresses, and phone numbers, but not financial data. Cooler Master is urging users to be cautious of phishing attempts and change their passwords immediately.

Published

on

Imagine you’re a fan of a popular computer hardware manufacturer, let’s call them Cooler Master, and you’ve just learned that your personal information has been compromised in a data breach. That’s right, a cybercriminal managed to sneak into the company’s website and make off with the Fanzone member information of 500,000 customers.

For those who may not know, Cooler Master is a well-known hardware manufacturer based in Taiwan that produces computer cases, cooling devices, gaming chairs, and other computer peripherals. You might even have some of their products in your own setup.

How the breach happened

Recently, a mysterious individual going by the alias “Ghostr” contacted us to claim that they had stolen 103 GB of data from Cooler Master on May 18th, 2024. “This data breach included cooler master corporate, vendor, sales, warranty, inventory and hr data as well as over 500,000 of their fanzone members personal information, including name, address, date of birth, phone, email + plain unencrypted credit card information containing name, credit card number, expiry and 3 digits cc code,” the threat actor told us.

The Fanzone site is where customers go to register product warranties, submit return merchandise authorization (RMA) requests, contact support, and sign up for news updates. According to Ghostr, they were able to breach one of Cooler Master’s front-facing websites, which allowed them access to a treasure trove of databases, including the one containing Fanzone member information.

Ghostr also mentioned that they tried to contact Cooler Master for payment in exchange for not leaking or selling the stolen data, but the company didn’t respond to their demands.

Evidence of the stolen data

As proof of their claims, Ghostr provided a link to a small sample of the stolen data, which appears to have been exported from Cooler Master’s Fanzone site. The files contain a wide variety of data, including product, vendor, customer, and employee information. One of the files even has around 1,000 records of what seems to be recent customer support tickets and RMA requests, complete with customers’ names, email addresses, dates of birth, physical addresses, phone numbers, and IP addresses.

We took it upon ourselves to verify the authenticity of the data by reaching out to several Cooler Master customers listed in the file. Many of them confirmed that the information was accurate and that they had indeed opened an RMA or support ticket on the date specified in the leaked sample. However, we couldn’t find any evidence in the files to support Ghostr’s claim that credit card information was also stolen.

As for the fate of the stolen data, Ghostr has stated their intention to sell it in the future, though they have yet to decide on a price. We tried to get in touch with Cooler Master to discuss the breach but received no response to our emails.

What you can do to protect yourself

Cybersecurity is a growing concern for everyone, and data breaches like this one are becoming all too common. It’s crucial to stay informed and take steps to protect your personal information from falling into the wrong hands. If you think you might be affected by this breach or if you’re concerned about your cybersecurity in general, don’t hesitate to reach out to us for support and resources. And remember, knowledge is power, so keep coming back to learn more about the latest threats and how to stay safe online.

Continue Reading

Trending

Copyright © 2023 IT Services Network.