Maximus: U.S. Government Contractor Hit By A Massive Data Breach

The U.S. government services contractor Maximus has recently disclosed a massive data breach that has impacted over 8 million individuals.

The breach was executed by hackers exploiting a zero-day vulnerability in the MOVEit Transfer application, a file transfer system used by Maximus to share data with government customers participating in various programs.

Here’s what we know about the breach so far:

The Scope of the Breach

Maximus estimates that the personal data of at least 8 to 11 million individuals has been compromised in the breach.

According to the 8-K form filed with the Securities and Exchange Commission (SEC), the stolen data includes sensitive information such as Social Security numbers, protected health information, and other personal details.

The company has not yet confirmed the exact number of affected individuals, as the investigation is still ongoing.


Impact on Maximus

As a contractor managing and administering various government-sponsored programs, the data breach has dealt a significant blow to Maximus.

Due to the breach, the company plans to record an expense of approximately $15 million for investigating and remediating the incident.

The investigation into the data breach is still ongoing, and Maximus is working to determine the full extent of the compromise.

The company has started notifying affected customers, as well as federal and state regulators, about the breach.

However, the process of notifying all impacted individuals is expected to take several more weeks.

Well-Known Perpetrators And Wider Impact

The group responsible for this large-scale data breach is the Clop ransomware gang.

They targeted hundreds of high-profile companies worldwide using the zero-day flaw in the MOVEit Transfer application.

Clop has listed numerous organizations on its dark web leak site, indicating the scale of the attacks. Accountancy giants, Deloitte, PwC, and Ernst & Young are among the victims.

Speaking of the worldwide impact, the MOVEit Transfer hacks have affected more than 500 organizations, exposing the personal information of over 34.5 million people.

The breach at Maximus is just one example of the serious threat posed by cyberattacks, especially when exploiting zero-day vulnerabilities.

For more news and updates on Cybersecurity, visit The Cybersecurity Club.

Post navigation

Unveiling The Zero-Day Vulnerability: MOVEit Transfer’s Security Under Scrutiny

UK Government Risk Register: Unveiling the UK’s Multifaceted Security Challenges

Tesla Breaching Privacy: Does The Company Spy On Its Customers?

Pair Of Megaupload Sentenced For Kim Dotcom’s Online Empire