Living up to its name, Maximus sees a whale of a breach that affects millions of people's sensitive government records, including health data.
July 27, 2023 By Nate Nelson
The MOVEit breach has claimed yet another target: Maximus Inc., a US government contractor. Though the company's internal systems were unaffected, 8 to 11 million people's personal information may have been compromised.
Maximus provides technology services for administering and managing government programs like student loan servicing, and Medicaid and Medicare. It operates in Australia, Canada, the UK, and the US employing more than 39,000 people with an annual revenue exceeding $4.25 billion, according to its website.
In its 8-K form for investors, filed with the Securities and Exchange Commission (SEC) on July 26, the company revealed that it had been a victim of the GoAnywhere MOVEit attack, carried out by the Cl0p ransomware gang. The attackers appear to have accessed files which "contain personal information, including Social Security numbers, protected health information, and/or other personal information, of at least 8-to-11 million individuals," the company noted in its 8-K.
