A class action lawsuit has been filed against the University of Minnesota following a data breach that occurred in late July. The university announced that it had experienced a breach, with the hacker claiming to have gained access to 7 million Social Security numbers associated with members of the college community. Two individuals, a former student and a former employee, have now filed a lawsuit against the school, expressing concerns that their data may have been exposed. The university has not yet responded to the lawsuit but previously confirmed that it had engaged law enforcement to investigate the breach.
The data breach at the University of Minnesota is believed to be linked to the larger-scale cyberattack on the MOVEit app, a popular file transfer software used by the university. The breach is still under investigation, and the university has not provided specific details about the extent of the data compromise.
In a separate incident, Eversource, one of the largest energy companies in Massachusetts, has disclosed a third-party data breach. The breach stemmed from a software vulnerability within a vendor system supplied by CLEAResult, which Eversource uses for energy efficiency program tracking. Eversource has assured its customers that appropriate security measures have been implemented by CLEAResult to address the vulnerability, and an investigation is underway.
According to Eversource, the potentially exposed data includes customer names, addresses, and energy usage information. This marks the company’s second data breach in as many years, as a cloud server was left unsecured in 2021, resulting in the exposure of company data, including Social Security numbers.
Darren Williams, CEO and Founder of BlackFog, commented on the broader issue of supply chain risks posed by the exploitation of the MOVEit app. He emphasized that organizations must prioritize data protection and implement next-generation anti-data exfiltration solutions to prevent unauthorized data from leaving their systems. Williams highlighted the prevalence of ransomware attacks involving data exfiltration, which account for 89% of cyberattacks. Without proper safeguards, organizations remain vulnerable to cybercriminals seeking to exploit their data for extortion.
Data breaches continue to pose significant risks to organizations and individuals, highlighting the importance of robust cybersecurity measures. These incidents underscore the need for proactive security strategies and the implementation of cutting-edge technologies to safeguard sensitive data. As cyber threats persist and evolve, organizations must remain vigilant and prioritize the protection of their most valuable asset: data.