NationsBenefits confirms thousands had personal data stolen in Fortra breach

One other company big has confirmed hundreds of healthcare members had data stolen within the cyberattack focusing on Fortra prospects.

Florida-based know-how firm NationsBenefits stated in a data breach notice filed with New Hampshire’s legal professional basic that greater than 7,100 state residents had their private data stolen within the late-January ransomware assault on Fortra’s techniques.

NationsBenefits offers supplemental advantages for medical insurance members, akin to imaginative and prescient, listening to and over-the-counter medication.

The info breach discover stated hackers stole private data of NationsBenefits members saved in its Fortra-hosted occasion of GoAnywhere, a file-transfer software program instrument utilized by hundreds of organizations to share massive units of knowledge over the web.

Hackers used a beforehand unknown vulnerability to raid dozens of buyer GoAnywhere cases hosted by Fortra within the January mass-hack. The Clop ransomware gang claimed duty, alleging it stole information on greater than 100 organizations.

When reached by TechCrunch, NationsBenefits spokesperson Michael Fried declined to say what particular information was stolen within the incident, including that the corporate is “complying with all authorized and industrial obligations in response to this incident.”

It’s not identified what number of people residing outdoors of New Hampshire are affected. NationsBenefits additionally filed a knowledge breach discover in California, however corporations will not be obligated below the state’s legislation to reveal what number of residents are affected by a knowledge breach. Corporations sometimes should disclose information breaches in California when 500 residents or extra are affected.

NationsBenefits has greater than 20 million members throughout the USA. When requested, the corporate’s spokesperson declined to say what number of of its hundreds of thousands of members are affected by the breach.

The healthcare advantages firm is the most recent Fortra buyer to verify it was affected by the January breach. U.S. healthcare big Group Well being Methods was the primary confirmed sufferer and one of many worst affected, with the hackers claiming to have stolen information on at the very least 1 million sufferers. Shopper items big Procter & Gamble, healthcare program supplier US Wellness, funding big Onex, the U.Okay.’s Pension Safety Fund, Brightline, and the Metropolis of Toronto have all confirmed information thefts following the hack.

Fortra has confronted criticism for its poor dealing with of the breach, which included hiding particulars of the zero-day exploit behind a buyer login wall. Information of the breach solely got here to mild when safety reporter Brian Krebs published the company’s hidden disclosure on-line. Fortra patched the vulnerability per week later.

TechCrunch reported that Fortra informed some prospects that their information was protected, solely to seek out that their information was stolen after hackers despatched a ransom demand.

NationsBenefits acknowledged in its assertion that “solely after we contacted Fortra did they affirm the existence of the vulnerability.”

In its first public acknowledgment of the breach, Fortra stated in a blog post Tuesday that prospects operating their very own on-premise server have been hacked nearly two weeks earlier than Fortra’s hosted techniques have been compromised.

Fortra spokesperson Rachel Woodford declined to say what number of prospects are affected or remark past the corporate’s weblog put up.