Massachusetts data breach affects over 134K people, officials say
In a recent data security breach, the personal information of more than 134,000 Massachusetts residents enrolled in specific state programs and services has been compromised. The incident, part of a global third-party data breach involving a file-transfer software program named MOVEit, raised concerns about sensitive data’s vulnerability across various sectors.
Table of ContentsToggle
The University of Massachusetts Chan Medical School (UMass Chan) played a role in the data breach as it provides services to the Executive Office of Health and Human Services (EOHHS). The compromised data was transferred through MOVEit, a file-transfer software program utilized by UMass Chan to facilitate services to certain EOHHS agencies and programs.
According to the statement issued by Executive Office of Health and Human Services officials,
“UMass Chan Medical School on Monday began “notifying more than 134,000 individuals currently or previously enrolled in certain state programs that their personal information was involved in a recent third-party data security incident.”
The officials also stated, “This incident was part of a worldwide data security incident involving a file-transfer software program called MOVEit, which has impacted state and federal government agencies, financial services firms, pension funds, and many other types of companies and not-for-profit organizations.”
The breach primarily impacts individuals enrolled in specific programs, including the State Supplement Program (SSP), MassHealth Premium Assistance, MassHealth Community Case Management, and the Executive Office of Elder Affairs (EOEA) and Aging Services Access Points (ASAP) home care program.
Fortunately, officials have clarified that neither UMass Chan nor state systems have been compromised during this incident. Those affected by the breach have been contacted through various channels, including mail, phone, text, and email, where feasible.
Individuals who have received the notification are strongly advised to take immediate steps to protect their personal information. This includes diligently monitoring their financial account statements for any suspicious activity.
UMass Chan’s response to the incident has been swift and comprehensive. After learning about the vulnerability in the MOVEit software on June 1, 2023, the organization immediately addressed the issue. This included fixing the vulnerability, collaborating with law enforcement, initiating an internal investigation, and identifying the individuals whose information was at risk. On July 27, 2023, it was established that specific files contained data about individuals receiving EOHHS services.
However, the question is, if the files and the extent of the breach were identified by the end of July, then why did UMass take so long to notify the victims?
The Type of Information Compromised?
The compromised information varies from person to person. Still, it may include names, dates of birth, mailing addresses, protected health information such as diagnosis and treatment details, prescription information, provider names, service dates, claims information, health insurance member ID numbers, and other health insurance-related data, as well as Social Security numbers and financial account information.
Affected individuals will receive letters from the state and UMass Chan on Tuesday. These letters will elucidate the exact nature of the data that has been compromised and outline the measures taken in response to the MOVEit incident. Additionally, they will offer detailed steps that each individual can take to safeguard their information.
In a commendable move, UMass Chan is extending free credit monitoring and identity theft protection services to those whose Social Security numbers or financial information were impacted by this incident. This proactive approach underscores their commitment to rectifying the situation and supporting affected individuals during this challenging time.
Is this Data Breach a Rare Incident?
Previously in May this year, T-Mobile became a victim of a data breach (second time in 2023), in which the names, PIN codes, and phone numbers of more than 800 customers were revealed due to a hack. They have claimed that this incident has also cost them a hefty blow of thousands of dollars.
Besides that, Chick-fil-A, the popular American fast-food chain, has a data breach of their mobile app, exposing customers’ personal information. Unusual login activity triggered an investigation, revealing a cyber attack in early 2023. Hackers utilized third-party email addresses and passwords to access the system, obtaining data including membership numbers, names, emails, and addresses.
Although less than 2% of customer data was compromised, Chick-fil-A took swift action. They plan to bolster online security, enhance monitoring, and reimburse affected accounts. This incident highlights companies’ ongoing cybersecurity challenges and the need for proactive measures.
How to Protect Your Data and Privacy From Cyberattacks
With cyberattacks growing in sophistication, adopting proactive measures to secure your information is crucial. Following are some of the ways you can protect your data and online privacy:
- Use a VPN
A VPN encrypts your internet connection, making online activities more private and secure. It disguises your IP address, preventing hackers from tracking your location or accessing your data.
- Strengthen Your Passwords
Ensure your passwords are strong, unique, and not easily guessable. Combine uppercase and lowercase letters, numbers, and symbols to create a robust defense against brute-force attacks.
- Enable Two-Factor Authentication (2FA)
Activate 2FA wherever possible to add an extra layer of security. This method requires you to provide a secondary piece of information, like a text code or fingerprint, in addition to your password.
- Keep Software Updated
Regularly update your operating system, applications, and antivirus software. Updates often contain patches that fix security vulnerabilities, making it harder for hackers to exploit weaknesses.
- Be Cautious of Phishing Attempts
Exercise caution when clicking on links or downloading attachments from unknown sources. Phishing emails are designed to trick you into revealing sensitive information or installing malware.
The importance of safeguarding our data and privacy in such times when data breaches have become so common, cannot be overstated. Cyberattacks continue to evolve in complexity and scale, posing significant threats to individuals, businesses, and institutions. Taking proactive steps to protect your information is a matter of personal security and a responsible approach to navigating the digital landscape.