US Pension Fund Hit By MoveIT Vulnerability

Uploaded on 2023-06-26 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

The California Public Employees’ Retirement System, Calpers, the biggest public pension plan in the US, is now the latest organisation to be hit by the MOVEit cyber attack with about 769k of its members affected by the global data breach.

The hackers also may have stoled the information on Calpers members’ former or current employers, spouses or domestic partners, and children. All types of retirees are affected, whether they worked for the state, public agencies, school districts, in the courts or in the California legislature.

In a statement published on Calpers website, the $442bn pension fund has told its retired members that some of their personal information, including dates of birth and social security numbers, were stolen in a damaging supply chain exploit. It blamed the breach on a third-party vendor that verifies deaths. The same vendor, PBI Research Services/Berwyn Group, also lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the same criminal gang, according to the Fortune 500 insurer.

The hack involved a vulnerability in the MOVEit file transfer service from the Progress software company, who informed customers on May 31 that its software had an unknown weakness enabling hackers to steal large amounts of data.

“On June 6, 2023, PBI notified Calpers that a previously unknown ‘zero-day’ vulnerability in their MOVEit Transfer Application allowed our data to be downloaded by an unauthorised third party,” Calpers said in the statement. A zero-day vulnerability is a security flaw that has not yet been identified or patched by the software provider.

Calpers chief executive Marcie Frost commented .“This external breach of information is inexcusable... Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

PBI has reported the matter to federal law enforcement and has told Calpers it has resolved the vulnerability while also putting additional security measures in place. Earlier this month, tens of thousands of employees at some of Britain’s biggest companies had their personal data compromised by a Russian-speaking criminal group, known a CLOP, understood to be behind the MOVEit hack, which has quickly spread to the US

Prior demands from the suspected Russian gang, which has been called Clop by cyber security experts, have regularly been more than $1m and as high as $35m. The Clop hacking group is known to hunt for vulnerabilities in secure file-transfer software, since companies are often required by law to handle some of their most valuable data with such providers.

Govtech:     KCRA:         FT:     Fox:    CBS:    SacBee

You Might Also Read: 

Cyber Security & The  Financial Services Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Twenty Million Scam Emails Reported In Britain
Canada Challenges Meta Over Access To News »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Logpoint

Logpoint

Logpoint is a creator of innovative security platforms to empower security teams in accelerating threat detection, investigation and response with a consolidated tech stack.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Sandia National Laboratories

Sandia National Laboratories

Sandia National Laboratories is a premier science and engineering lab for national security and technology innovation.

Metrarc

Metrarc

Metrarc has developed a ground-breaking technology called ICMetrics™ for deriving secure encryption keys from the properties of digital systems without the need to store any of the encryption keys.

Lightship Security

Lightship Security

Lightship Security is an accredited Common Criteria and FIPS 140-2 IT security testing laboratory that specializes in test conformance automation solutions and IT product security certifications.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Prolimax

Prolimax

Prolimax deliver innovative solutions to IT Manufacturers, Distributors, Resellers and End-users including Data Erasure and secure IT Asset Disposition (ITAD)

CPP Group UK

CPP Group UK

CPP Group UK develops products to help insurers add further value to their products and services through its innovative suite of new products in FinTech, InsurTech and cyber security.

Agile Underwriting

Agile Underwriting

Agile, an underwriting agency, insurtech and Coverholder at Lloyd's, provides niche insurance products across Aviation, Marine & Cargo, Cyber and Financial Lines.

Kriptos

Kriptos

Kriptos helps businesses improve their cybersecurity, risk, and compliance strategies by locating critical information through a technology that automatically classifies and labels documents using AI.

SecOps Group

SecOps Group

SecOps Group is a boutique cybersecurity consultancy helping enterprises identify & eliminate security risks on a continuous basis.

CampusGuard

CampusGuard

CampusGuard focuses on the cybersecurity and compliance needs of campus-based organizations including higher education, healthcare, and state and local government.

Armata Cyber Security

Armata Cyber Security

Armata exists to bring Cyber Security to all people – from home users and SMBs to large enterprises. We believe all users have the right to an affordable yet effective Cyber Security solution.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Diverto

Diverto

Diverto is a company that provides a high level of information security to companies, institutions and other organisations in an information-centric world.

Palindrome Technologies

Palindrome Technologies

Palindrome Technologies help clients defend against cyberattacks across all attack surfaces, including hardware, software, network-to-cloud, people, and emerging technologies.