CNN
—
fallout from global hacking incident On Thursday, U.S. insurer Genworth Financial revealed that 2.5 million of its policyholders and customers had been hacked to gain access to data, while California’s public pension fund lost 760,000 of its members. It announced that 9,000 people were affected, further expanding its links to Russian cybercrime.
The news comes as consulting giants PwC and Ernst & Young announced they were investigating exposure to a hack in one of the most widespread data breaches in recent years involving a single piece of software. announced in
Genworth Financial said in a regulatory filing that the hackers accessed Social Security numbers and other customer information.
The company said it was continuing to “measure the impact” of the breach, but said it “does not believe at this time that this incident will have a material adverse effect on our business, operations or financial results.” .
In a separate public statement, the California Civil Service Retirement System said more than 550,000 of its members had their Social Security numbers accessed.
Meanwhile, millions of people in Louisiana and Oregon also had their Social Security numbers and other personal data compromised in the incident, the auto departments in both states said last week.
The victim groups have not identified Russian cybercriminals as the culprits of the hack, but said they were hacked via a popular file transfer software called MOVEit. Federal officials have blamed a Russian group known as CLOP for widespread hacking activity exploiting the software.
Widespread breaches have increased legal and security headaches for organizations that own that data. Businesses whose data is stolen are forced to choose between paying the unscrupulous cybercriminals or having sensitive customer information dumped online by hackers.
Although there have been no reports of widespread identity theft related to data theft, the organizations whose data was stolen are proactively offering credit monitoring to their customers.
The incident began in late May when CLOP allegedly exploited an unknown vulnerability in file transfer software known as MOVEit, used by thousands of businesses and government agencies around the world. This has sparked a scramble between government officials and private experts to keep hackers off the network and limit ransom payments. Experts say the ransom could facilitate future ransomware attacks.
PwC said in a statement to CNN on Thursday that a “small number of customers” had files affected by the hack, but Ernst & Young said the company’s systems using the affected software A “majority” of the said it was “not infringed.”
The hackers also accessed data belonging to several federal agencies, including the Department of Energy and the Department of Agriculture, CNN first reported last week.
Federal agencies have not reported ransom demands, but hackers are known to demand tens of millions of dollars in ransoms for stolen or encrypted data from victim companies.
“Very few” US corporate and non-governmental victims have paid the ransom, Cybersecurity and Infrastructure Security Agency senior official Eric Goldstein told CNN on Wednesday.
Some victims still paid the hackers, according to Charles Kamakal, chief technology officer of Mandiant Consulting, a Google-owned company hired by some victims to respond to the hacks. It says. He did not disclose how many victims he knew had paid the ransom or how much money was paid.
As the pressure to protect customer data increases, “some organizations will pay over time,” Kaamakal predicted.
“Organizations need to assess the value of the stolen data and the potential damage that could result from its public disclosure,” Kaamakal told CNN.
Progress Software, the US company behind the MOVEit software, has already been hit with a class action lawsuit for failing to protect customer data. But the company claims to have quickly investigated the vulnerability, issued a security fix, and provided guidance to its customers to protect themselves.