Security News > 2023 > August > US govt contractor Serco discloses data breach after MoveIT attacks
Serco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer server.
"On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach," the company explained.
Serco is currently collaborating with CBIZ to investigate the breach and assess the full extent of the incident, focusing on ensuring that the third-party vendor has implemented security measures to prevent future incidents.
The Clop ransomware gang initiated a large-scale data-theft campaign exploiting a zero-day vulnerability in the MOVEit Transfer secure file transfer platform starting May 27th. On June 15, the cybercrime group began extorting organizations that fell victim to the data theft attacks, with the threat actors publicly exposing their names on their dark web data leak site.
Hackers steal data of 45,000 New York City students in MOVEit breach.
8 million people hit by data breach at US govt contractor Maximus.
News URL
Related news
- FBCS data breach impact now reaches 4.2 million people (source)
- Crypto exchange Gemini discloses third-party data breach (source)
- HealthEquity says data breach impacts 4.3 million people (source)
- Average data breach cost jumps to $4.88 million, collateral damage increased (source)
- CISA and FBI: DDoS attacks won’t impact US election integrity (source)
- FBI, CISA remind US voters that DDoS attacks can't touch election systems (source)
- Optus and Medibank Data Breach Cases Allege Cyber Security Failures (source)
- SEC ends probe into MOVEit attacks impacting 95 million people (source)
- ADT confirms data breach after customer info leaked on hacking forum (source)
- CSC ServiceWorks discloses data breach after 2023 cyberattack (source)