In Massachusetts, the College of Pharmacy and Health Sciences (MCPHS) is a prestigious institution honored as the best pre-med studies option in the US. MCPHS is the most recent academic pillar to report a data breach concerning the MOVEit zero-day vulnerability.
The breach occurred with two of MCPHS’ third-party vendors following the global cybersecurity event involving MOVEit. MOVEit is a file transfer software that hackers took advantage of using a zero-day vulnerability. CCBIZ provides the technology environment to Mayer Hoffman, which provides accounting services to clients like MCPHS.
On May 31st, 2023, Progress Software announced the zero-day vulnerability issue with their MOVEit software, which prompted investigations. CCBIZ’s investigation concluded with breach confirmation that the leak occurred between May 29th and June 5th, 2023. They presumably began notifying the necessary parties after the conclusion, resulting in consumer notifications sent around November 3rd, 2023.
The notice provided to the Maine Attorney General’s Office states the unauthorized party accessed the files and downloaded them; this means the bad actors may have accessed more information than listed on the report. Further, the Maine filing lists 899 individuals possibly impacted.
The exact number of impacted files from the breach is unknown. It could be that the attackers accessed no other files and took no more than 900. Whatever your association with MCPHS, take time to protect yourself from the consequences of this breach.