MOVEit Hack

[easysurfer]

Remember the new story a few months back about that major hack by a Russian cyber gang that compromised a bunch of organizations? Well, my personal info is one of those compromised .

I got a letter from a company called Pension Benefit Information, LLC is how I found out. At first I think the letter might be a scam, but after some "googling", as they say, read more about the hack.

Some background ...

A Russian cyber-extortion gang’s hack of a widely-used file-transfer program, MOVEit, could have severe global consequences, with initial victims including the BBC, British Airways, and Nova Scotia’s government. Cybersecurity experts have warned that this could be one of the most significant breaches in recent years, with the true impact becoming clearer as more information emerges.

The Cl0p ransomware syndicate announced on its dark website that its victims, potentially numbering in the hundreds, had until June 14 to negotiate a ransom or risk having sensitive stolen data dumped online. MOVEit is popular among businesses for securely sharing files, and although its parent company, Progress Software, issued a patch on May 31, many companies may have already had sensitive data exfiltrated.

https://thethaiger.com/news/world/u...k-threatens-global-corporations-including-bbc

 

[FiveDriver]

My Wife got that same letter a few days ago. Her letter mentioned some specific dates when she supposedly used MOVEit to ACH transfer funds. We checked her records and she made no transfers on the dates mentioned.

Where and How is MOVEit used in a transfer ??
Is it an underlying program to facilitate ACH transfers ??
Is this PBI LLC outfit a legit business, or just another scam ??

Not quite sure how to respond to this letter.....but I am not signing up for their 'Protection' offer.

 

[easysurfer]

My Wife got that same letter a few days ago. Her letter mentioned some specific dates when she supposedly used MOVEit to ACH transfer funds. We checked her records and she made no transfers on the dates mentioned.

Where and How is MOVEit used in a transfer ??
Is it an underlying program to facilitate ACH transfers ??
Is this PBI LLC outfit a legit business, or just another scam ??

Not quite sure how to respond to this letter.....but I am not signing up for their 'Protection' offer.

I don't think the hack are from what the customers did but the hackers hacking the organizations involved. So, indirectly info gets compromised.

From another article:

The breach stemmed from a May attack on the encrypted file transfer software Moveit and has hit financial firms, universities, the U.S. federal government and California public retirement systems, according to regulatory filings.

The PBI data breach occurred at the end of May and was discovered on June 2, according to PBI’s filing with the Office of the Attorney of General of Maine. Ignites first reported the breach.

On or around June 4, the firm sent a letter to potentially impacted customers noting that some of their personal information may have been stolen, but that the firm was not aware of an identity theft or fraud. PBI also provided customers with 24 months of credit monitoring and identity restoration from Kroll.

https://www.planadviser.com/fidelity-latest-victim-moveit-hacks-via-vendor-pbi/

I'm not going to sign up for their "Protection" offer either. I figure, my credit is already frozen (2 out of 3, other locked .. another story) and my income taxes already needs an annual IRS PIN to file. Plus, through Discover, they already do a free check (I think monthly) to see if my SSN shows up on the dark web.

 

[FiveDriver]

Her letter is similar, with the date "On or around May 31...." They also mention a "Corebridge Financial, Inc" which I never heard of before this letter arrived.

A fine-print footnote says Corebridge subsidies include several Insurance companies, led by American General Life -- with whom we have no dealings.

I searched and found a website that lists 77 possible affected companies...
https://www.cybersecurity-insiders.com/list-of-victimized-companies-of-moveit-cyber-attack/

 

[Sunset]

Not sure what to do when the company involved is American Airlines or Shutterfly.com ?

I'll go there and change my password in case some Russian wants to take a trip

 

[COcheesehead]

The letters sound like as scam to sell “protection.”

 

[Philliefan33]

The letters sound like as scam to sell “protection.”

I don’t think it is. My mother got a letter from her bank disclosing a MOVEit breach, with a code to sign up for one free year of identity protection service from Experian. I signed her up and there was no need to enter a credit card number, so I believe the service will end in a year. I did warn her that she will likely get email reminders to extend her protection for a fee, but she can ignore those.

A few days later we got a letter from our bank (not the same bank as mom’s) regarding the same breach and offering us a year of ID fraud protection. I signed us up, and no credit card needed.

 

[COcheesehead]

I don’t think it is. My mother got a letter from her bank disclosing a MOVEit breach, with a code to sign up for one free year of identity protection service from Experian. I signed her up and there was no need to enter a credit card number, so I believe the service will end in a year. I did warn her that she will likely get email reminders to extend her protection for a fee, but she can ignore those.

A few days later we got a letter from our bank (not the same bank as mom’s) regarding the same breach and offering us a year of ID fraud protection. I signed us up, and no credit card needed.

Based on what was disclosed in this thread with people not having anything to do with the company(s) in the letter, it’s sounds fishy.

 

[easysurfer]

Based on what was disclosed in this thread with people not having anything to do with the company(s) in the letter, it’s sounds fishy.

I do have an account with American General (formerly AIG).

 

[COcheesehead]

I do have an account with American General (formerly AIG).

Post #4?

 

[easysurfer]

Post #4?

I'm not disagreeing with your post.

Just adding that I have an account with one of the companies that got hacked.