The state of Massachusetts fell victim to a global security incident recently. In this breach, the personal information of nearly 134,000 people was leaked. Health officials in the state warn residents to be aware of this issue. They sending out messages to those that were or still are enrolled in state health programs. The leak occurred with a third-party data security incident.
State officials state that the incident was a worldwide issue in which a software program called MOVEit was hacked. The program houses file-transfer software and with its data breach leaked information from federal agencies, pension funds, financial firms, non-profits, and many other various companies. With this data breach, people’s personal health information, banking information, and a variety of other personal information was leaked.
The UMass Chan and other state systems were unaffected, just the personal information of many Massachusetts residents.
Direct notices and warnings are being sent out to people who may have been affected by the breach by mail, phone, text, and e-mail. If you receive a notice/warning, officials say to track your financial information, enroll in a credit monitoring system, and opt-in for identity theft protection.
The biggest thing officials say to do is check your financial statements if you receive a warning notification.
The possible affected groups of people were/are members of MassHealth, the State Supplement Program, Family Resource Centers, the Executive Office of Elder Affairs, and Aging Services Access Points.
UMass Chan has been aware of the data breach since early June 2023. They quickly acted to stop the further spread of personal information. By the end of July, they were able to have a better idea of whose information was affected. They also somewhat could see what information it was. They also investigated and reached the conclusion that the breach was a result of a security flaw in MOVEits’s software.
The leaked information differed from person to person. The different pieces of information that were leaked are date of birth, addresses, social security numbers, banking account information, and protected health information (like diagnoses, etc.).
Letters have been sent out as of this week to those that were affected by the breach. If they were able to detect what information was leaked, that is included in the letters of notification as well.