Siemens Energy and British Airways Victims of Monster Data Breach

The Social Security numbers, birth dates, driver’s license numbers, health insurance claims, medical history notes, prescription information and other PII of 612,000 Medicare beneficiaries were stolen last May, in a data breach by government contractor Maximus Federal Services. Maximus detected suspicious activity in a file transfer application used by commercial and government customers called MOVEit, which it shut down the following day. The app’s provider, Progress Software Corporation, also disclosed a vulnerability in the program the next day that “allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors.” Louisiana’s Office of Motor Vehicles, Oregon’s driver’s license database, Siemens Energy, UCLA and British Airways were also affected. Maximus admits that the files impacted contain Social Security numbers and protected health information “of at least 8 to 11 million people” who must be notified. Medicare beneficiaries have been advised to review their quarterly statement of Medicare charges, for any suspicious activity, and check their online Medicare accounts. Maximus has begun sending apology letters.