Allegheny County

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Allegheny County in Pennsylvania experienced a data breach that was part of a global cybersecurity incident targeting the file transfer tool MOVEit. The breach occurred on May 28 and 29, 2023, and was discovered on June 1, 2023, when the county became aware of a vulnerability in the software[1][2][3][4][5]. The cybercriminal group responsible for the breach is known as CL0p, which is believed to be a Russian-speaking hacking organization based in Russia[3][4].

The breach potentially exposed personal information such as names, Social Security numbers, driver’s license numbers, state ID numbers, taxpayer ID numbers, student ID numbers, and for some individuals, medical information, health insurance information, and billing/claim information[3][4]. The exact number of affected individuals is believed to be as many as 967,690[2].

Allegheny County has taken steps to mitigate the breach, including blocking access to the MOVEit server, implementing additional security measures, and partnering with IDX to offer 24 months of complimentary identity protection services to those whose Social Security numbers were involved[5]. The county has also established a dedicated call center for individuals to find out if their data was compromised and to enroll in the free identity protection services. The deadline to enroll in these services is October 31, 2023[3][5].

Affected individuals are encouraged to take the breach seriously, monitor their credit, and take advantage of the offered credit monitoring services. The county has sent out data breach notification letters to those impacted[2][3]. For more information or to find out if personal information was involved in the breach, individuals can call the dedicated call center at 888-990-1333[3][5].

Citations:

  1. https://www.cbsnews.com/pittsburgh/news/allegheny-county-issues-notice-of-data-breach/
  2. https://www.myinjuryattorney.com/allegheny-county-pennsylvania-data-breach-investigation/
  3. https://www.govtech.com/security/allegheny-county-pa-issues-alert-on-may-data-breach
  4. https://triblive.com/local/allegheny-county-reveals-recent-data-breach/
  5. https://presentepgh.com/allegheny-county-hit-by-data-breach/
  6. https://www.idstrong.com/data-breaches/allegheny-county-pennsylvania-breach/
  7. https://www.idstrong.com/sentinel/allegheny-county-pa-suffers-data-breach/
  8. https://www.compassitc.com/blog/cl0ps-moveit-attack-victim-count-continues-to-climb
  9. https://www.wtae.com/article/allegheny-county-data-breach/44711090
  10. https://triblive.com/local/regional/thousands-affected-in-allegheny-health-network-data-breach/
  11. https://www.wpxi.com/news/local/allegheny-county-warns-residents-after-data-breach/TNP7NSGLB5BVBG6CCN4BBXJFOE/
  12. https://www.inquirer.com/news/pennsylvania/data-breaches-pennsylvania-2020-rankings-20211215.html
  13. https://www.jdsupra.com/legalnews/allegheny-county-pennsylvania-confirms-1466762/
  14. https://www.wpxi.com/video/allegheny-county-warns-residents-after-data-breach/e00b9c1a-7c9a-48db-b9b4-a69cbfef2159/
  15. https://news.yahoo.com/allegheny-county-reveals-recent-data-180500214.html
Breach Submission Date Jul 28, 2023
Converted Entity Name Allegheny County
Converted Entity Type Healthcare Provider
State PA
Individuals Affected 689,686
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes