Delta Dental of California discloses nearly 7M patients affected in MOVEit hack - #CVE-2023-34362
A major cyber attack targeted the MOVEit file transfer tool used by over 2,000 organizations, exposing the data of 64 million individuals. The Cl0p ransomware gang exploited a zero-day SQL injection vulnerability in MOVEit to gain access, encrypt systems, and exfiltrate data. Victims spanned numerous sectors, including healthcare, education, technology, finance, and government. For example, the Ontario birthing registry BORN suffered a breach of 3.4 million child health records, and the Hospital for Sick Children had data exposure due to its partnership with BORN. Progress Software, the maker of MOVEit, released several patches to fix the vulnerabilities but the damage had already been done. Lawsuits and government investigations are now underway to determine accountability for the massive hack.