International Business Machines Corp. (IBM) is now grappling with the aftermath of a recent IBM data breach that occurred after a widespread exploitation of MOVEit vulnerability.
Jennifer Wedeking, the plaintiff, alleges that IBM’s negligence and the controversial MOVEit application were responsible for the IBM data breach. The utilization of MOVEit’s vulnerability and its connection to the IBM security incident has led Jennifer Wedeking to initiate a class action lawsuit against the company.
Jennifer alleges that IBM recklessly employed the MOVEit software for handling sensitive information transfer despite being aware of the software’s security vulnerabilities. This choice led to the exposure of personal data, including names, Social Security numbers, and Medicare ID numbers.
IBM data breach, MOVEit vulnerability and class action lawsuit
Wedeking received a notification from the state health agency informing her that unauthorized parties had accessed her personal information due to the IBM data breach.
Consequently, she has had to invest considerable time addressing the breach’s repercussions, including monitoring financial statements for signs of identity theft or fraud.
The IBM data breach implications are far-reaching, affecting not only Wedeking but also a nationwide class of individuals whose information was compromised.
IBM, a tech giant with considerable resources and expertise, should have taken adequate measures to safeguard private information. However, the lawsuit claims that IBM neglected to implement the necessary safeguards to protect personal identifying information and medical data.
“Further, the only remediation here was not even offered by IBM: a meager 24 months of identity theft protection for victims of the data breach when the impact of the theft … will ripple for many years, if not decades,” reads the lawsuit. This failure contrasts with the company’s capabilities and suggests a conscious decision to disregard the security of sensitive information.
IBM data breach affects more victims
The Colorado Department of Health Care Policy and Financing (HCPF) experienced the hack, which exposed personal data belonging to over four million individuals. This IBM data breach has prompted questions about the adequacy of HCPF’s response, especially given the delay in notifying victims.
Additionally, the offered identity theft protection falls short of addressing the potential long-term consequences of the breach. The lawsuit suggests that the IBM data breach might be connected to the actions of the notorious Clop ransomware gang.
This group is known for trading stolen private information on the dark web, placing individuals at immediate risk of identity theft and related crimes.
Progress Software Corp., the maker of MOVEit Transfer, also faces multiple class action lawsuits due to the vulnerability of its software.
Allegations state that the company had knowledge of the vulnerability since 2021 but failed to address it, enabling the breach that has impacted millions of individuals and organizations.
The MOVEit vulnerability exploitation has reached new numbers as the number of victims increases every year, and the impact is affecting organizations worldwide.
The Cyber Express previously reported about the IBM data breach, which exposed “4 million patient records” from the Colorado Department of Health Care Policy and Financing (HCPF).
However, the security incident is not an isolated one. Many big organizations also fell victim to the MOVEit vulnerability exploitation, creating a new cyber crisis for organizations throughout the world.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.