MESVision attack exposes nearly 350K individuals


MESVision, a California-based vision care provider, has fallen victim to the MOVEit Transfer hack, which exposed hundreds of thousands of individuals’ personal details.

The healthcare provider has begun informing customers that it’s joined the long list of victims of the MOVEit Transfer hack, carried out by the Cl0p ransomware cartel.

According to MESVision’s breach notification letter, the company was managing the vision benefits of an unnamed client. In late August, MESVision discovered that attackers had exfiltrated its customer data in late May.

ADVERTISEMENT

The attack resulted from the MOVEit Transfer zero-day vulnerability, which allowed attackers to access servers containing information about individuals enrolled in vision benefit plans managed by MESVision and download the data stored there.

While the breach notification letter, which MESVision submitted to Maine’s Attorney General, didn’t provide exact details about the data attackers may have accessed, the company admitted that Social Security numbers (SSNs) were exposed.

The MESVision attack exposed 346,828 people in total.

Once stolen, SSNs, individual names, and other sensitive data may end up on underground marketplaces, where cybercriminals can buy the data to use in whichever way they like.

MESVision advised impacted individuals to stay vigilant against attempts at identity theft or fraud. The company said it would offer attack victims complimentary identity monitoring for 18 months.

Earlier this year, the Cl0p ransomware cartel exploited a zero-day bug in the MOVEit Transfer software, allowing attackers to steal multiple companies’ data.

According to researchers at Emsisoft, over 2,500 organizations – mainly in the US – and over 66 million individuals have been impacted by MOVEit attacks by the Russia-linked ransomware cartel.

Taking IBM’s estimate, which puts the cost of an average data breach at $165 per leaked record, the impact of Cl0p attacks would add up to a staggering $10.7 billion.

ADVERTISEMENT