The Weekly breach Breakdown Podcast by ITRC - Move It On Over - S4E17

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for June 30, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we look at one data breach already getting messy (the MOVEit file transfer attack) and another involving retirement information via a law firm (the Mondelez International data breach).

In 1947, Hank Williams wrote and recorded the song “Move It On Over,” considered one of the earliest examples of rock and roll music. The song follows a man forced to sleep in the doghouse after coming home late at night and not being allowed into his house by his wife. It’s only fitting that “Move It On Over” is the title of this episode because the MOVEit file transfer attack has impacted over 100 organizations, all of which probably want the file transfer software tool to sleep in their doghouse house rather than the house itself.

MOVEit File Transfer Attack

Two weeks ago, the U.S. government confirmed that multiple federal agencies fell victim to cyberattacks exploiting a security vulnerability in the popular file transfer tool MOVEit. CISA confirmed to TechCrunch that “several” U.S. government agencies experienced intrusions related to the exploitation of a vulnerability in MOVEit Transfer and that the attacks were attributed to the Russia-linked Clop ransomware gang. Now, weeks after, additional victims are coming forward.

According to Cybersecurity Dive, over 100 organizations have been impacted by the MOVEit file transfer attack. Criminals stole the private data of between 2.5 and 2.7 million Genworth Financial life insurance policyholders. Other big names affected include PwC and EY, which were posted by the Clop ransomware gang.

PwC says it used the software in a limited number of client engagements and stopped using it once it learned of the incident. They say they reached out to a small number of clients whose files were impacted to discuss the attack. EY officials say they began investigating in May, and while most of their systems appear not to have been compromised, they are still looking into the extent of the attack.

The California Public Employees’ Retirement System (CalPERS) says the personal data of its members was downloaded in connection to the PBI breach (the third-party vendor that works with Genworth Financial). Impacted information includes names, Social Security numbers (SSN), dates of birth, employers’ names and family names.

As of Monday, June 26, the ITRC had tracked 14 organizations impacted by the MOVEit file transfer attack (including Oregon and Louisiana DMV breaches), affecting 14 million people. This breach has already gotten messy and will likely get messier before it improves.

Listen to ITRC COO James E. Lee discuss the Oregon DMV breach with the Oregonian here.

Mondelez International Data Breach

While the MOVEit file transfer attack has dominated the airwaves, it is not the only data incident. Mondelez International reports that the personal information of more than 51,000 current and former employees was accessed after a breach at the law firm of Bryan Cave Leighton Paisner, which provided legal services to the food and snack company.

After detecting suspicious activity in February, they launched an investigation. It revealed that a criminal obtained data that included names, addresses, dates of birth, employee identification numbers, SSNs, and Mondelez retirement and thrift plan information.

ITRC to Release H1 2023 Data Breach Analysis

The ITRC will continue to track these data breaches and provide updates as they become available. On that note, watch for our Data Breach Report for the first half of the year, which will be released on July 12. James E. Lee will have a podcast on the findings on July 14. We won’t give away any teasers, but let’s just say some of the findings could make you do a double-take. You can download the report on the ITRC’s website under the “publications” section.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will have a special episode of our sister podcast, The Fraudian Slip, featuring the second part of our conversation with Stephen Smith of Intellectual Technology, Inc. on biometrics and the abuse of driver’s license information. We will return in two weeks with another episode of the Weekly Breach Breakdown.