US govt contractor Maximus impacted by MOVEit vulnerability, expose 8,000,000 individuals
Learn More
U.S. government services contractor Maximus reported a significant data breach, affecting a staggering 8 to 11 million individuals. As a contractor managing and administering various government-sponsored programs, including healthcare initiatives and student loan servicing, Maximus handles a massive amount of sensitive personal information.
The data breach also exposes the personal and health information of approximately 612,000 Medicare beneficiaries, according to the Centers for Medicare and Medicaid Services (CMS).
The breach occurred during a series of data-theft attacks targeting the MOVEit Transfer system. In response to the breach, Maximus isolated the compromised MOVEit environment from the rest of its corporate network. While this containment measure prevented the hackers from further infiltrating the company's systems, it was not enough to prevent a considerable compromise of sensitive data.
The company found that the stolen data exposed at least 8 to 11 million individuals and contains highly sensitive information, including:
- social security numbers,
- protected health information,
- other personal details (not specified by Maximus)
Consequently, Maximus is now in the process of notifying these individuals about the breach.
Update - Centers for Medicare and Medicaid Services (CMS) and and Maximus encourage affected individuals to partake in a free 24-month credit monitoring service through Experian.
