Maximus Federal Services is a US government contractor that helps with healthcare, student loans, and other federal and state government services. The company helps manage all this personal and health-related data for US citizens, which makes it devastating that the company was hit by a recent data breach. More than 34,000 people work for this organization with over $4.25 in annual revenue and between 8 and 11 million people could have been harmed by this recent breach.
This Maximus breach occurred like all the other MOVEit-related data breaches. The file-transfer service was exposed by a Zero-Day vulnerability, and the C10P ransomware gang began taking advantage of the vulnerability almost immediately. The gang quickly broke into file databases and servers attached to the MOVEit software and stole as much data as possible for well over 150 different companies. The stolen data was leveraged to try and obtain ransom payouts, and anyone that doesn't pay will have their data distributed by the gang.
This breach likely occurred near the beginning of June, like so many other MOVEit breaches did. It could have taken Maximus a few weeks or even months to discover the breach and secure its systems.
This Maximus Federal Services breach impacts US citizens with student loans, government-sponsored healthcare services, and other state and federal government programs.
We don't know the number of Maximus files associated with this breach. We suspect it's millions of files.