US Pension Fund Hit By MoveIT Vulnerability

Uploaded on 2023-06-26 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Financial

The California Public Employees’ Retirement System, Calpers, the biggest public pension plan in the US, is now the latest organisation to be hit by the MOVEit cyber attack with about 769k of its members affected by the global data breach.

The hackers also may have stoled the information on Calpers members’ former or current employers, spouses or domestic partners, and children. All types of retirees are affected, whether they worked for the state, public agencies, school districts, in the courts or in the California legislature.

In a statement published on Calpers website, the $442bn pension fund has told its retired members that some of their personal information, including dates of birth and social security numbers, were stolen in a damaging supply chain exploit. It blamed the breach on a third-party vendor that verifies deaths. The same vendor, PBI Research Services/Berwyn Group, also lost the personal data of at least 2.5 million Genworth Financial policyholders, including Social Security numbers, to the same criminal gang, according to the Fortune 500 insurer.

The hack involved a vulnerability in the MOVEit file transfer service from the Progress software company, who informed customers on May 31 that its software had an unknown weakness enabling hackers to steal large amounts of data.

“On June 6, 2023, PBI notified Calpers that a previously unknown ‘zero-day’ vulnerability in their MOVEit Transfer Application allowed our data to be downloaded by an unauthorised third party,” Calpers said in the statement. A zero-day vulnerability is a security flaw that has not yet been identified or patched by the software provider.

Calpers chief executive Marcie Frost commented .“This external breach of information is inexcusable... Our members deserve better. As soon as we learned about what happened, we took fast action to protect our members’ financial interests, as well as steps to ensure long-term protections.”

PBI has reported the matter to federal law enforcement and has told Calpers it has resolved the vulnerability while also putting additional security measures in place. Earlier this month, tens of thousands of employees at some of Britain’s biggest companies had their personal data compromised by a Russian-speaking criminal group, known a CLOP, understood to be behind the MOVEit hack, which has quickly spread to the US

Prior demands from the suspected Russian gang, which has been called Clop by cyber security experts, have regularly been more than $1m and as high as $35m. The Clop hacking group is known to hunt for vulnerabilities in secure file-transfer software, since companies are often required by law to handle some of their most valuable data with such providers.

Govtech:     KCRA:         FT:     Fox:    CBS:    SacBee

You Might Also Read: 

Cyber Security & The  Financial Services Industry:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

 

Cyber Security Intelligence: Captured Organised & Accessible

 

« Twenty Million Scam Emails Reported In Britain
Canada Challenges Meta Over Access To News »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

TenIntelligence

TenIntelligence

TenIntelligence provides due diligence, brand protection and fraud investigation services including digital forensics.

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

Baker McKenzie

Baker McKenzie

Baker & McKenzie is an international law firm. Practice areas include Data & Technology.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Gita Technologies

Gita Technologies

Gita Technologies works to create integrated solutions to the thorniest problems in the field of intelligence and cyber today.

WWPass

WWPass

WWPass is a global cybersecurity company that provides password-less authentication and client-side encryption technology.

German Israeli Partnership Accelerator (GIPA)

German Israeli Partnership Accelerator (GIPA)

GIPA is based on two pillars: it is an incubator aimed at young academics and a program to transfer cybersecurity expertise to corporate partners.

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator

CorkBIC International Security Accelerator invests in early stage disruptive companies in the security industry including, Cybersecurity, Internet of Things (IOT), Blockchain and AI.

New Net Technologies (NNT)

New Net Technologies (NNT)

NNT SecureOps provides ultimate protection against all forms of cyberattack and data breaches by automating the essential security controls.

IntelliGenesis

IntelliGenesis

IntelliGenesis provide comprehensive cyber, data science, analysis, and software development services that provide tailored, secure solutions for your critical data and intelligence needs.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Mainstream Technologies

Mainstream Technologies

Mainstream Technologies is an information technology services firm specializing in custom software development, managed IT services, cybersecurity services and hosting.

Aim Security

Aim Security

Aim empowers enterprises to unlock the full potential of GenAI technology without compromising security. GenAI makes business better - Aim makes GenAI secure.

Secure Cyber Management

Secure Cyber Management

Secure Cyber Management provides industry-leading cloud security advice, guidance and services.

Qodea

Qodea

Qodea (formerly Appsbroker CTS) is Europe's largest Google Premier only transformation partner.

Scinary Cybersecurity

Scinary Cybersecurity

Scinary was founded in 2015 on the premise that cybersecurity should not be limited to just large corporations or large government entities.