Allegheny County Impacted by MOVEit Security Incident

ALLEGHENY, Pa., July 28, 2023 /PRNewswire/ — Allegheny County, Pennsylvania (“Allegheny County“) today announced that data from the county was involved in the global cybersecurity incident last month involving file transfer tool, MOVEit. The county is the latest in a list of several hundred organizations that were impacted when a software vulnerability in MOVEit allowed cybercriminals known as “CI0p” to access and download data, including data belonging to the county. Impacted industries include insurance, finance, education, energy, health, government, and other various businesses.

Cl0p indicated that it is focused on targeting businesses and would delete any data obtained from governments. While the county has been informed that data belonging to Allegheny County involved in this incident has been deleted, the county is still encouraging individuals to take steps to protect their personal information.

While the impacted information varies based on the individual and their relationship with Allegheny County, the information at issue may include name; social security number (SSN); date of birth; driver’s license/state identification number; taxpayer identification number; and student identification numbers. For some individuals, certain types of medical information (e.g., diagnosis, treatment type, admission date), health insurance information, and billing/claim information may be involved.

Individuals can learn more about the incident, including steps they can take to protect their personal information, by visiting the notice on the county’s website, available at www.alleghenycounty.us.

To find out if your information was involved, or if you have any questions or concerns relating to the incident, the county is encouraging individuals to call its dedicated call center at (888) 990-1333. Representatives are available Monday through Friday, 9 AM to 9 PM EST. The county is providing individuals whose SSNs were involved in this incident with two years of complimentary identity protection services.

The county became aware of the issue on June 1, 2023. Like many organizations, the county uses MOVEit, a popular file transfer tool owned by Progress Software, to send and receive data. It has since confirmed that Cl0p was able to access and download files from MOVEit between May 28 and May 29, 2023.

As soon as it became aware of the incident, the county took steps to secure its information, including by blocking access to and from the MOVEit server. It also addressed the vulnerability by following security measures recommended by Progress Software. At the same time, the county engaged external cybersecurity experts to investigate the nature and scope of the incident and conducted an extensive investigation to determine what information was involved. The county also notified law enforcement agencies of the incident.

Again, individuals with questions or concerns relating to the incident are encouraged to call the dedicated call center at (888) 990-1333. Representatives are available Monday through Friday, 9 AM to 9 PM, EST.

SOURCE Allegheny County

LEAVE A REPLY

Please enter your comment!
Please enter your name here