A leading provider of insurance solutions, Enstar Inc. creates deployable profit plans to meet individual risk profiles and circumstances. Their assets clock in at over $20 billion; however, this may change following their recent announcement of information lost during a MOVEit data breach.
Enstar’s consumer notice offers much information about the global MOVEit breach, including the reason for the leak—a zero-day vulnerability. MOVEit is a file transfer software used to efficiently store and manage data files across industries and around the globe. The cybercriminal group CL0P purportedly leveraged the vulnerability against MOVEit to extrapolate data.
Progress Software announced MOVEit’s vulnerability on May 31st; Enstar reacted by launching an internal investigation. Their investigation concluded with evidence of an attack in the days before the public MOVEit statement. Enstar conducted a secondary review that finished in mid-October. Enstar began sending consumer notices a month later.
The Enstar data breach may primarily impact group members. Additionally, the consumer notice suggests those impacted invest in monitoring services for credit and identity accounts. Subsequently, the breach may have exposed more credentials than what is above.
According to the breach filing published on the Maine Attorney General’s website, this breach may impact up to 64,934 people. The number is not likely to increase, but how the assailants may use the data is uncertain. All Enstar group members should consider monitoring services and other preventative measures to defend their data and mitigate damage.