.png?width=200&height=78&name=CH%20Diligence%20(thicker%20line).png "CH Diligence (thicker line).png")
Know Your Breach: Maximus
Jul 28, 2023 2:21:47 PM
The Target: Government services provider Maximus and 513 organizations impacted by the MOVEit hack.
The Take: According to Maximus, the attackers stole files containing personal information and protected health information, including Social Security numbers, “of at least 8 to 11 million individuals”.
The Vector: Disclosed at the end of May, the attack involved the exploitation of a zero-day vulnerability in the MOVEit Transfer managed file transfer (MFT) software, allowing cybercriminals to tap into the data transferred through the service.
A zero-day vulnerability is a vulnerability in a system or device that has been disclosed but is not yet patched. This breach is a reminder of how regular vendor assessments are a key component in cybersecurity. The breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control but in third-party systems the firm relies upon as well.
