Allegheny County recently released information regarding a data breach through MOVEit, a file transfer tool used by the county to send and receive data.
The breach occurred between May 28 and 29, 2023, and the County became aware of a vulnerability in the hacked software on June 1, 2023. This vulnerability allowed the software to be accessed by a group of cybercriminals later identified as “Cl0p”.
Cl0p has declared that they are “focused on targeting businesses and that [they] will delete any data from certain organizations, including governments” according to a statement from Allegheny County. The group also indicated that they already deleted data belonging specifically to the County, however the County has still encouraged individuals to be cautious and take steps to secure their personal information.
Allegheny County has taken a number of precautionary measures to secure information, including blocking access to and from the MOVEit server and implementing extra security measures recommended by MOVEit’s parent company, Progress Software.
The County has also created a dedicated call center for those seeking to find out if their information has been involved. The call center number is (888) 990-1333; representatives are available from Monday through Friday, 9 AM to 9 PM EST.
For individuals whose Social Security numbers were involved in the data breach, Allegheny County is partnering with IDX to offer 24 months of complimentary identity protection. This will allow for credit monitoring, CyberScan services, identity theft insurance, and managed identity recovery services. In order to receive these services, individuals must enroll by October 31, 2023.