Three more organizations have reported data breaches linked to vulnerabilities in the MOVEit software. Sovos Compliance clients, including UBS Financial Services Inc, Atlantic Shareholder Services, Patelco Credit Union, Bangor Savings Bank, Pan-American Life Insurance Group, and Celink, have potentially had customer information, including names and Social Security numbers, accessed by unauthorized individuals. In addition, the Better Outcomes Registry & Network (BORN), a government agency in Ontario, experienced a ransomware attack that could have exposed the personal information of up to 3.4 million people. The compromised data includes names, addresses, postal codes, dates of birth, health card numbers, and additional health-related information.
BORN Ontario was made aware of the vulnerability in MOVEit software by Progress Software, a vendor it used for secure data transfers. The organization immediately took steps to contain the threat and launched an investigation by third-party cybersecurity experts. BORN Ontario reported the incident to law enforcement and the Information and Privacy Commissioner. The investigation confirmed that files transferred using MOVEit software were affected, but the BORN Information System (BIS) was not compromised. The affected MOVEit FTP Server has been decommissioned and will remain offline until the necessary changes are made to ensure safe file transfers.
Experts have highlighted the incident as an example of the risks posed by third-party vendors. James McQuiggan, a security awareness advocate, emphasized the importance of having a comprehensive incident response plan in place to minimize damage in the event of a breach. He also noted that attacks through third-party vendors are becoming increasingly common and can have far-reaching consequences for organizations.
Another organization affected by the MOVEit vulnerability is the National Student Clearinghouse, a not-for-profit that provides reporting and verification services to colleges and universities in North America. It recently disclosed a data breach that may have exposed the personal data of students, including names, contact information, social security numbers, and school-related records. The incident highlights the cybersecurity challenges faced by educational institutions, which often have limited resources and expertise in this area. Experts recommend implementing multifaceted cybersecurity strategies that include employee training, regular software updates, and intelligence-powered cybersecurity solutions to identify emerging threats and vulnerabilities.
The education sector has been identified as an attractive target for cybercriminals due to its limited cybersecurity resources. Darren Williams, CEO and Founder of BlackFog, stressed the need for schools to invest in updated technologies to keep up with evolving attack techniques. He also noted that the full extent of the MOVEit breach is yet to be determined and that the list of victims is likely to grow. The U.S. Department of Education and the White House have recently announced initiatives to improve cybersecurity in K-12 schools, including public information campaigns and partnerships with organizations in the education sector.
Nick Tausek, Lead Security Automation Architect at Swimlane, echoed the need for increased cybersecurity resources in the education sector and highlighted the importance of hiring cybersecurity professionals. He also emphasized the value of security automation in detecting and responding to threats in real-time, as well as ensuring the security of third-party vendors. Tausek suggested that low-code security automation could be a solution for schools with limited staff, as it can automate basic security tasks and provide full visibility into IT environments.
In conclusion, organizations affected by the MOVEit vulnerabilities should adopt best practices to protect themselves, including implementing a layered security approach, staying up to date with patches and updates, and leveraging threat intelligence. The incidents serve as a reminder of the ongoing risks posed by vulnerabilities in widely used software and the importance of proactive cybersecurity measures.