Andesa Services reports MOVEit related data breach

Andesa Services, acting on behalf of New York Life Insurance Company, reported a data breach to the Attorney General of Maine, revealing that over 30,000 New York Life policyholders were affected by a well-known vulnerability in MOVEit.

On May 31, 2023, Progress Software, the developer of MOVEit, disclosed a critical vulnerability in the application. Andesa promptly applied available patches and implemented measures to mitigate potential unauthorized access. Additionally, Andesa initiated an investigation, enlisting the assistance of third-party data security experts.

The investigation confirmed that an unauthorized entity accessed Andesa's MOVEit server between May 30, 2023, and May 31, 2023, gaining access to sensitive data stored on the server. Andesa reviewed compromised files to identify the information that was compromised and the affected consumers. While the breached data may vary for each individual, it could include names and Social Security numbers.

On October 23, 2023, Andesa commenced the distribution of data breach notification letters to individuals impacted by the security incident, providing them with details of the compromised information.