"US Govt Contractor Serco Discloses Data Breach After MoveIT Attacks"

Serco Inc, the Americas division of multinational outsourcing company Serco Group, has recently disclosed a data breach after attackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer (MFT) server.  Serco said that the information was exfiltrated from the file transfer platform of CBIZ, its benefits administration provider.  Serco noted that on June 30, 2023, they were informed that their third-party benefits administration provider, CBIZ, experienced a ransomware attack and data breach.  Serco stated that according to CBIZ, the incident began in May 2023, and CBIZ took steps to mitigate the incident on June 5, 2023.  To be clear, the breach of CBIZ's systems did not affect the safety and security of Serco's systems.  The personal information compromised in the attack includes any combination of the following: name, U.S. Social Security Number, date of birth, home mailing address, Serco and/or personal e-mail address, and selected health benefits for the year.  Serco is currently collaborating with CBIZ to investigate the breach and assess the full extent of the incident, focusing on ensuring that the third-party vendor has implemented security measures to prevent future incidents.  Serco's client roster includes a long list of U.S. federal agencies, including the Departments of Homeland Security, Justice, and State, as well as U.S. Intelligence Agencies and multiple U.S. Armed Forces branches (e.g., Navy, Army, Marine Corps, Air Force).  Serco is also a contractor for U.S. state and local governments and the Canadian government, and it also provides services to high-profile commercial customers such as Pfizer, Capital One, and Wells Fargo.  The company employs over 50,000 people across 35 countries and has an annual revenue of over $5.7 billion in 2022.

BleepingComputer reports: "US Govt Contractor Serco Discloses Data Breach After MoveIT Attacks"