8 million people hit by data breach at US govt contractor Maximus

U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks.

Maximus is a contractor that manages and administers US government-sponsored programs, including federal and local healthcare programs and student loan servicing. The company employs 34,300 people and has an annual revenue of about $4.25 billion, with a presence in the U.S., Canada, Australia, and the United Kingdom.

In an 8-K form filed with the Securities and Exchange Commission (SEC), Maximum disclosed that the data was stolen using a suffered a zero-day flaw in the MOVEit file transfer application (CVE-2023-34362). The Clop ransomware gang widely exploited this flaw to breach hundreds of high-profile companies worldwide.

After investigating the breach, Maximus found no indication that the hackers progressed further than the MOVEit environment, which was immediately isolated from the rest of the corporate network.

Full article here https://www.bleepingcomputer.com/news/security/8-million-people-hit-by-data-breach-at-us-govt-contractor-maximus/

#databreach #maximus #usa #government #yokdata #security #blog