U.S. government contractor Serco Inc., a division of multinational outsourcing firm Serco Group, has confirmed that more than 10,000 individuals had their personal data compromised as a result of the widespread Cl0p ransomware attack, which exploited a vulnerability in the MOVEit Transfer file transfer app, reports BleepingComputer.
According to Serco, individuals' names, birthdates, home mailing addresses, and Social Security numbers, as well as Serco and/or personal email addresses and certain health benefits, were exfiltrated following a breach of Serco's third-party benefits administration provider CBIZ. Serco counts the Homeland Security, State, and Justice Departments, as well as various state and local governments across the U.S., among its clients.
"We understand from CBIZ that the incident began in May 2023 and CBIZ took steps to mitigate the incident on June 5, 2023. To be clear, the breach of CBIZ's systems did not affect the safety and security of Serco's systems," said Serco in a notification sent to the Office of the Maine Attorney General.