Maximus victim of MOVEit Vulnerability

The US Government services provider Maximus. is the latest victim of the Clop ransomware gang’s targeting of a critical vulnerability in MOVEit file transfer software, as data belonging to as many as 11 million people was stolen.

Maximus, which provides services for Medicaid, Medicare, health care reform, welfare-to-work and student loan servicing, disclosed it had been hacked in a U.S. Securities and Exchange Commission filing.

The filing states that the company became aware that data could have been compromised after the revelation that the MOVEit file transfer software had been compromised on May 31, but does not give a specific date when it detected that its internal systems had also been compromised.

The data stolen included personal information, including Social Security numbers, protected health information, and personally identifiable information. For now, it’s unclear if the data breach affected only US customers or other parts of the world.

Maximus is informing affected customers and is working with federal and state regulators. Customers will also be offered free credit monitoring and identification restoration services.

Maximus isn’t the first organization to be compromised by the vulnerability in MOVEit. There are more than 350 other organizations affected by the vulnerability