Allegheny County and other victims of the MOVEit Transfer cyberattacks are starting to reveal the impact the mass-exploited vulnerability has left.
August 03, 2023 - In a recent string of cyberattacks involving the MOVEit Transfer system, Allegheny County has stood out as one of the largest affected, with a staggering 689,686 individuals data exposed.
MOVEit, a popular file transfer tool owned by Progress Software, was found to have a flaw related to SQL injection. This allowed unauthorized actors to gain access to MOVEit Transfer’s database, leading to several attacks across different sectors. The criminal group Clop ransomware took interest in this vulnerability, and has claimed responsibility for many of these incidents.
The County became aware of the software vulnerability in MOVEit on June 1, 2023, and identified the period of exposure as between May 28 and May 29, 2023. The cybercriminals were able to access and download files belonging to the County during this time frame.
The data involved in the breach included sensitive personal information, such as Social Security numbers, dates of birth, driver’s license numbers, taxpayer identification numbers, and student identification numbers. Some individuals also had medical information exposed, including details of diagnoses, treatment types, admission dates, and health insurance information.