At a glance.
- University of Minnesota data breach leads to litigation.
- US energy company suffers third-party data breach.
University of Minnesota data breach leads to litigation.
As we previously discussed, the US college the University of Minnesota disclosed it suffered a data breach in late July, and the hacker allegedly responsible claims to be in possession of 7 million Social Security numbers linked to members of the college community. Fox 9 now reports that a former student and former employee who fear their data might have been exposed have filed a class action lawsuit against the school. The university has not yet commented on the suit, but last week confirmed it had enlisted the help of law enforcement to carry out a breach investigation, which is still underway. It’s worth noting that the incident appears to be yet another casualty tied to the mass-hack of the popular MOVEit app, which the university used to transfer files.
US energy company suffers third-party data breach.
Eversource, one of the largest energy companies in the US state of Massachusetts, has disclosed that a third-party vendor software bug may have exposed customer data. The vendor is CLEAResult, which supplies Eversource with software used to track energy efficiency programs. In a notification to customers, Eversource stated, "Some file copies were taken from CLEAResult’s systems. CLEAResult has advised us that they moved quickly to take appropriate security measures to fix this vulnerability, are completing their investigation into this incident and complying with all laws.” The utility company, which provides gas and electric services communities across Massachusetts, went on to say that the potentially exposed data include customer names, addresses, and energy usage info. The Patch notes that this is Eversource’s second data breach in as many years, as in 2021 a cloud server was left unsecured, exposing company data that included Social Security numbers.
Darren Williams, CEO and Founder of BlackFog, commented on the way the supply chain risk of MOVEit exploitation continues to spread. "Eversource joins a very long list of organizations caught up in the MOVEit exploit. The abundance of companies facing the devastating consequences of data loss has highlighted how many organizations have left themselves wide open for data exfiltration and extortion. Ransomware today is all about data exfiltration, as it is involved in 89% of cyber attacks, and a few, if any, attacks leveraging encryption tactics. These types of attacks aren’t going anywhere, so organizations must look to newer technologies to protect their most valuable asset, their data. The focus must be on preventing unauthorized data from leaving the organization by using next-generation anti data exfiltration solutions. Without adequate protection, organizations will continue to be at the mercy of cybercriminals who will use any means necessary to extort them.”