Government Contractor the Victim of Monster Data Breach
August 16, 2023
The Social Security numbers, birth dates, driver’s license numbers, health insurance claims, medical history notes, prescription information and other PII of 612,000 Medicare beneficiaries were stolen last May, in a data breach by government contractor Maximus Federal Services. Maximus detected suspicious activity in a file transfer application used by commercial and government customers called MOVEit, which it shut down the following day. The app’s provider, Progress Software Corporation, also disclosed a vulnerability in the program the next day that “allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors.” Louisiana’s Office of Motor Vehicles, Oregon’s driver’s license database, Siemens Energy, UCLA and British Airways were also affected. Maximus admits that the files impacted contain Social Security numbers and protected health information “of at least 8 to 11 million people” who must be notified. Medicare beneficiaries have been advised to review their quarterly statement of Medicare charges, for any suspicious activity, and check their online Medicare accounts. Maximus has begun sending apology letters.
Critical intelligence for general counsel
Stay on top of the latest news, solutions and best practices by reading Daily Updates from Today's General Counsel.
Daily Updates
Sign up for our free daily newsletter for the latest news and business legal developments.