In a recent incident, the personal details of Standard Insurance customers were exposed in a data breach. The breach occurred on servers belonging to PBI Research Services, a company processing data for Standard Insurance, and was being hosted by NTT DATA Americas. This breach has impacted over 300,000 individuals, highlighting the urgent need for stronger cybersecurity measures.
Impact and exposure
The attacker gained unauthorized access to Standard Insurance data through the MOVEit Transfer service used by PBI Research Services. NTT DATA Americas, the subsidiary of the Japanese multinational IT company NTT DATA, has informed affected individuals about the breach. According to information disclosed to the Maine Attorney General, approximately 308,072 people had their personal details compromised in this attack.
Risks of Social Security Number (SSN) exposure
The compromised personal details include names and Social Security numbers (SSNs). The exposure of SSNs poses significant risks as the stolen data can be used by impersonators for identity theft. Combined with names and driver’s license numbers, stolen SSNs provide the necessary ammunition for criminals to commit various forms of fraud, including financial and medical identity theft. This breach underscores the critical importance of protecting such sensitive information.
Role of PBI Research Services
PBI Research Services, a US-based population management solutions provider, was exposed to this attack due to the utilization of the MOVEit Transfer service. This platform served as the entry point for the malicious actors to gain unauthorized access to the data processed for Standard Insurance. The incident emphasizes the need for organizations to conduct thorough risk assessments and ensure the security of third-party services they rely on.
NTT DATA Americas: A Major IT Player
NTT DATA Americas, a subsidiary of the Japanese multinational IT company NTT DATA, plays a crucial role in the incident. With over 139,000 employees and revenues exceeding $30 billion, NTT DATA is a major player in the global technology industry. However, this breach raises concerns about the company’s security protocols and highlights the importance of implementing robust cybersecurity measures.
Scope of MOVEit Transfer attacks
The MOVEit Transfer attacks have caused widespread damage. Over 980 organizations and nearly 60 million individuals have been confirmed to be impacted by these attacks. The ransomware gang Cl0p has claimed responsibility for these breaches, targeting various sectors and industries. This extensive scale of the attacks reveals the urgent need for enhanced cybersecurity practices and vigilance in the face of evolving threats.
Other affected organizations
Standard Insurance is not the only organization affected by the MOVEit Transfer attacks. Numerous well-known companies, including TD Ameritrade and American Airlines, have had their clients’ personal data exposed in this breach. The significant list of targeted entities also includes TJX, TomTom, Pioneer Electronics, and AMC Theatres. These incidents highlight the importance of organizations, irrespective of their size or industry, prioritizing cybersecurity as a foundational element of their operations.
The massive data breach at NTT DATA Americas, impacting Standard Insurance customers, serves as a wake-up call for organizations around the world. The exposure of personal details, including Social Security numbers, underscores the severe risks posed by such incidents. It is crucial for businesses to invest in robust cybersecurity measures, conduct regular risk assessments, and ensure the security of their third-party service providers. This incident highlights the need for heightened vigilance and comprehensive security protocols to protect sensitive personal information from falling into the wrong hands.