Missouri recently suffered data breaches impacting the Medicaid program through the Department of Social Services, and students and staff at the University of Missouri. Each of these programs involves thousands of people, and local Missouri residents should be aware of how the breach occurred and how it might affect them.
The Medicaid and university breaches occurred because hackers identified a security vulnerability in a file-transfer tool called MOVEit. The tool is meant to protect government and other confidential files when they're being transferred between organizations. Unfortunately, the C10p ransomware gang learned of an exploit that enabled them to access and download every one of the files connected to the software by the organization using it. This vulnerability enabled the gang to steal files from Missouri's Medicaid program, as well as from the University of Missouri. More than 600 organizations were impacted by this breach overall.
The creators of MOVEit announced the existence of the vulnerability and some of the breaches that occurred on May 31. It's suspected that these breaches occurred around the end of May for that reason, but a specific date is not known.
The Medicaid breach impacts low-income Missouri residents, while the University of Missouri breach may impact students and faculty at the school. Anyone who believes their data may have been exposed by these breaches should wait for a letter to come in the mail notifying them of the breach. Even if you don't receive a letter, it's a good idea to check your credit for any unexpected changes that could be related to identity theft attacks.
We don't have a file count for the Medicaid or University of Missouri file breaches. We suspect thousands of documents were taken in these attacks, but even a few stolen files can do serious harm.