The PBI Research Services/Berwyn Group, a third-party vendor, experienced a significant data breach related to the MOVEit Transfer system. The breach impacted a total of approximately 4.92 million individuals.
Unauthorized actors targeted the MOVEit Transfer system, affecting multiple organizations:
California Public Employees’ Retirement System (CalPERS):
- Data of 769,000 retirees was compromised.
- CalPERS CEO Marcie Frost expressed strong disapproval, calling the PBI breach “inexcusable.”
Tennessee Consolidated Retirement System:
- 171,836 retirees and/or beneficiaries were impacted.
Wilton Re:
- Nearly 1.5 million individuals were affected.
Genworth:
- The largest breach involved personal information for approximately 2.5-2.7 million individuals who are either customers or insurance agents.
Specific weaknesses are not disclosed, but potential vulnerabilities could include:
- Third-Party Risks: Assessing security practices of vendors like PBI Research Services.
- Access Controls: Unauthorized access suggests weak controls.
The breach was likely discovered during routine monitoring or incident response efforts.
Potentially impacted personal data includes:
- Name
- Date of birth
- Social Security number
- Passport number
- Driver’s license number
- Tax ID number
In response, the affected organizations likely notified their respective individuals but the breach highlights the importance of robust third-party risk management.
Third-party breaches can have far-reaching consequences. Vigilance and proactive security measures are essential for safeguarding sensitive data.