Incident

US Government Supplier Serco reports MOVEit related data breach



US government contractor Serco Inc. disclosed a data breach after attackers targeted a third-party vendor's MOVEit managed file transfer (MFT) server.

The compromised information was exfiltrated from the file transfer platform of CBIZ, Serco's benefits administration provider.

The breach at CBIZ reportedly began in May 2023, and the company took measures to mitigate it on June 5, 2023. Serco emphasized that their own systems were not affected by the breach, and the safety and security of their systems remained intact.

The personal information exposed in the attack includes a combination of the following sensitive data:

  • names,
  • U.S. Social Security Numbers,
  • dates of birth,
  • home mailing addresses,
  • Serco and personal email addresses,
  • selected health benefits for the year.

The breach resulted in the theft of personal information belonging to more than 10,000 individuals.

As a major government contractor, Serco's clientele includes several U.S. federal agencies, such as the Departments of Homeland Security, Justice, and State, along with various U.S. Intelligence Agencies and multiple branches of the U.S. Armed Forces. It's not clear whether any of their customers' data was also exposed in the breach.

Serco is actively working with CBIZ to investigate the breach further and assess the full extent of the incident. Their focus is on ensuring that CBIZ implements appropriate security measures to prevent similar incidents in the future. Additionally, a cybersecurity firm is conducting a thorough investigation into the matter.
