The University of Rochester has become the latest victim of a massive data breach involving the popular file transfer application, MOVEit. In an update to the school’s breach disclosure, University President Sarah Manglesdorf sent an email to the university community explaining that “foreign cyber criminals” had gained access to employee and student personal information, as well as data on their spouses, domestic partners, and dependents enrolled in the benefits program.
The breach, which impacted approximately 2,500 organizations worldwide, did not affect the university’s broader network, including systems connected to UR Medicine. Despite the breach, the university assured its community that it has taken steps to address the issue and mitigate any potential harm caused by the unauthorized access.
In another incident related to MOVEit, Fayette County in the state of Georgia announced that its billing provider for fire and emergency services experienced a data breach. The attacker accessed data in the MOVEit server, potentially compromising information belonging to 2,625 individuals associated with Fayette County Fire and Emergency Services. The billing provider, EMS Management and Consultants, Inc., has already patched the tool and taken measures to protect the data. So far, there have been no reports of attempted misuse of the compromised information. The company is working with third-party cybersecurity experts to fully understand the scope of the breach and prevent any further incidents.
In a surprising twist, cyber scammers have been capitalizing on the popularity of the new Barbie movie to launch malicious campaigns. Steve Grobman, chief technology officer of McAfee, explained that cybercriminals often exploit popular events and releases to trick users into clicking on malicious links. In the case of the Barbie movie, scammers have been distributing fake downloads of the film that install spyware or malware on the target’s device. Additionally, scammers have been using the promise of free movie tickets as a lure to trick Barbie fans into revealing their personal information. In the last three weeks alone, over one hundred instances of malware with Barbie-related filenames have been reported.
These scams have primarily targeted users in the United States, but activity has also been observed in Australia, Spain, and the United Kingdom. Users are advised to exercise caution and skepticism when encountering online promotions or giveaways that seem too good to be true, as they are likely to be phishing attempts.
The University of Rochester and Fayette County incidents highlight the continued vulnerability of third-party software and the importance of comprehensive cybersecurity measures. Organizations must remain vigilant in their efforts to protect sensitive data and regularly update and patch their systems to defend against the ever-evolving tactics of cybercriminals. Additionally, individuals must exercise caution when interacting with online content and be wary of sharing personal information or clicking on suspicious links.
As the threat landscape continues to evolve, both organizations and individuals must prioritize cybersecurity and take proactive steps to protect themselves from potential breaches and cyber attacks.