Share this article on:
US-based government services company Maximus has disclosed that a large amount of personal data has been compromised as part of the MOVEit third-party file transfer hack.
The company revealed the details of the incident in a filing to the US Securities and Exchange Commission.
After an investigation of its use of the MOVEit software, Maximus believes that at least 8 to 10 million people have had their data stolen by the threat actor behind the hack, the Clop ransomware gang. The affected data includes social security numbers, protected health data, and other personal information.
The company has said, however, that the hack has not impacted its internal networks, nor any data not transferred via the MOVEit software. Maximus’ day-to-day operations have also not been impacted.
Nonetheless, the company expects the incident to cost at least US$15 million. However, investigations are ongoing, and more data may have been affected.
“The company’s review of impacted files is ongoing,” Maximus said in its disclosure, “and the company is unable to predict the total number of impacted individuals who will receive notice of the incident until that review is completed, which we expect will not be for several more weeks”.
Maximus is currently working with law enforcement to investigate the incident.
The company itself is headquartered in the US state of Virginia but has offices all around the world, including in Australia, where it operates under the name Max Solutions.
Max Solutions operates as a key employment provider – Max Employment is, in fact, Australia’s largest employment provider. It works with ParentsNext and Employment Victoria, as well as the NDIS. The company also operates in the healthcare sector and education. Thankfully, the local operation does not use the MOVEit software.
"MAX Solutions does not use the MOVEit platform in Australia," Darren Hooper, country manager for Max, "and as a result, no MAX customers were impacted."
Updated on August 1 2023.