PBI Research Services has fallen victim to a significant data breach, with three clients disclosing that data for 4.75 million individuals was stolen in recent MOVEit Transfer data-theft attacks. These attacks, initiated by the Clop ransomware gang on May 27, exploited a zero-day vulnerability in the MOVEit Transfer software, affecting numerous companies.
The Clop gang began extorting companies by gradually listing impacted organizations on its data leak site, pressuring victims to meet ransom demands. The exposed data includes sensitive information such as full names, dates of birth, social security numbers, zip codes, state of residence, policy numbers, and agent IDs.
PBI Research Services, utilizing Progress Software’s MOVEit file transfer application, promptly patched its instance of MOVEit upon identifying the zero-day vulnerability. The company assembled a team of cybersecurity and privacy specialists, notified federal law enforcement, and contacted potentially impacted clients.
While cybercriminals accessed the MOVEit administrative portal due to the vulnerability, they did not gain entry to PBI’s other systems. PBI, which provides pension plan management services to large entities, including death audit and participant location, emphasizes that the breach did not compromise its core systems or software.
The MOVEit cyberattack, affecting PBI and numerous organizations globally, drew attention due to a critical cybersecurity vulnerability allowing unauthorized access to MOVEit databases. The Clop ransomware gang claimed responsibility for exploiting this vulnerability, leading to extensive data breaches. PBI reassured clients that outside the isolated MOVEit Transfer server, its systems remained unaffected by the breach.
While PBI cannot confirm the impact on individual personal information, the company encourages potentially affected individuals to take steps to protect their data, underscoring the widespread challenges posed by cyber threats and the importance of robust cybersecurity measures.
