At a glance.
- MOVEit breaches continue to pile up.
- Highly sensitive school data exposed in unsecured storage bucket.
- The breachers get breached.
MOVEit breaches continue to pile up.
Two more MOVEit-related data breaches have come to light. JDSupra reports that financial software company Sovos Compliance, LLC has filed a notice of data breach on behalf of Northwestern Mutual, a leading US financial services and insurance company. It was discovered that the vulnerability in the MOVEit secure file transfer program used by Sovos allowed an intruder to access and download files containing sensitive information linked to Northwestern customers. Sovos Compliance has reviewed the stolen files to determine what information was exposed and which customers were impacted but has not yet released details on its findings.
Meanwhile, Pacific Premier Bank, a financial services provider based out of the US state of California, has also disclosed it suffered a third-party data breach involving a vendor’s use of MOVEit. Pacific Premier Bank and the vendor, which has not been identified, have worked together to determine exactly what was exposed, and while it varies depending on the individual, the compromised data include sensitive consumer information like names, Social Security numbers, account numbers, and other personally identifiable information. JDSupra notes that the breach was limited to the vendor’s MOVEit server and did not impact data stored in any other part of the network.
Highly sensitive school data exposed in unsecured storage bucket.
Cybersecurity researcher Jeremiah Fowler discovered an unprotected database containing nearly 700,000 records linked to the Southern Association of Independent Schools, Inc (SAIS), a professional nonprofit that supports independent schools in the US and other countries. The exposed data spans from 2012 to 2023 and includes sensitive information like student and teacher records, health information, Social Security numbers, active shooter and lockdown notifications, and, most worryingly, security reports assessing weaknesses in school security. Upon learning of the breach, SAIS moved quickly to secure the 572.8 GB of data. HackRead says it’s unclear whether the impacted individuals or relevant authorities were notified.
The breachers get breached.
Underground hacker forum BreachForums was seized back in March, but a stolen database apparently linked to the defunct hacking site has been posted for sale online. The seller is a threat actor known as “breached_db_person,” and the database contains 212,000 records including usernames, IP and email addresses, private messages exchanged between forum members, and argon2-hashed passwords. Just as a refresher, before its seizure BreachForums was found to be leaking highly sensitive US government data including the No Fly List, details on the Federal Bureau of Investigation's InfraGard organization, and information stolen from DC Health Link, a health insurance marketplace used by many powerful government officials. While a stolen database is never a good thing, HackRead notes that this one could potentially provide researchers and law enforcement with valuable info on previous leaks and the identities of hackers linked to the forum. Breach notification service Have I Been Pwned has verified the authenticity of the data, apparently at the request of the seller, who likely hopes this will attract potential buyers. Offers currently range from $100,000 to $150,000.