Andesa Services, a service provider for NYLIC, recently reported a security breach linked to the MOVEit transfer tool. This marks the second service provider to fall victim to the MOVEit breach.
New York Life Insurance Company (NYLIC), the largest life insurance company in the United States and one of the world’s largest corporations, employed Andesa Services, a third-party vendor, to manage New York Life insurance policies owned or sponsored by employers.
In an October 23rd notification to impacted clients, they revealed that an unknown actor had exploited a previously undiscovered vulnerability in the MOVEit transfer tool, gaining access to specific data stored on the MOVEit Transfer server, which the third-party vendor operated. The investigation determined that the attacker accessed sensitive information between May 30th, 2023, and May 31st, 2023, including clients’ names and Social Security numbers. The company stated that it has no knowledge of any actual or attempted misuse of this personal data at present.
The Office of the Maine Attorney General reported that the breach affected over 30,000 individuals. NYLIC has offered those affected free credit monitoring and identity theft protection services provided by Experian.
A New Third-Party Vendor Falls Victim to MOVEit Breach
Andesa experienced the MOVEit breach, but it’s not the first NYLIC service provider to do so. In August, Pension Benefit Information (PBI) reported that the breach exposed NYLIC-related data, affecting 25,685 individuals, as per PBI’s report to the Maine Attorney General.
In total, MOVEit Transfer attacks have impacted approximately 670 organizations and 46 million individuals, and new victims are continually surfacing. The Cl0p ransomware gang, allegedly linked to Russia, claimed responsibility for exploiting the MOVEit zero-day bug and has been posting the names of victims on their dark web leak site since June.
Story credit
Related stories:
