PBI Research Services has experienced a significant data breach, impacting 4.75 million individuals in the recent MOVEit Transfer data-theft attacks conducted by the Clop ransomware gang. The attacks, initiated on May 27, exploited a zero-day vulnerability in MOVEit Transfer, leading to data theft from numerous companies. The cybercriminals, identified as the Clop gang, escalated their tactics by extorting affected organizations and gradually listing them on a data leak site, creating pressure for ransom payments. PBI clients, including Genworth Financial, disclosed the breach, with millions of customers having their sensitive data exposed, and the number may rise as further disclosures occur.
Genworth Financial, a Virginia-based life insurance services provider, is among the first entities impacted by the data breach. PBI informed Genworth of the security breach on June 16, 2023, and subsequent verification confirmed the theft of customers’ personal data. The breach is estimated to have impacted 2.5 to 2.7 million individuals, comprising customers and insurance agents associated with Genworth. The exposed data includes critical information such as full names, dates of birth, social security numbers, zip codes, state of residence, policy numbers, and agent IDs.
Despite the significant data exposure, Genworth emphasized that the attack did not impact its own systems, network, or business operations, as it does not use MOVEit or GoAnywhere products. Affected individuals are set to receive data breach notices in the coming weeks, providing instructions on enrolling in free-of-charge credit monitoring and identity theft protection services. The breach highlights the broader challenges faced by organizations in securing sensitive information and reinforces the need for robust cybersecurity measures to mitigate the impact of evolving cyber threats.
