Data theft Happens Because of MoveIT Vulnerability
In one of the biggest hacks or data leaks to have hit the US, healthcare and personal data of over 10 million people have been stolen by a group of hackers, targeting IBM. The hackers exploited a vulnerability in the super popular MOVEit file transfer software that IBM uses. Hackers did not damage the network, they only stole data. The Department of Social Services (DSS) made it clear that this data breach didn’t mess with their systems directly, but it did mess with the data they had. So, names, client numbers, birthdates, benefits info, and medical claims data might’ve been nabbed. Statement from NVD : In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Ser