Radius Global Solutions said MOVEit Transfer exploitation compromised the data of 600k individuals

Minnesota-based debt collection agency Radius Global Solutions suffered a data breach as a result of the Clop ransomware group exploiting a zero-day vulnerability in the MOVEit Transfer web application.

Edina, Minnesota-based Radius Global Solutions is a debt collection agency that collects payments for its clients in different industries, such as healthcare, utilities, telecom, retail, and government.

In a recent notice of data breach on its website, Radius Global Solutions said that like hundreds of other organisations around the world, it used the Progress Software’s MOVEit Transfer web application to send and receive files securely. On June 1, it became aware of the exploitation of a zero-day vulnerability in the MOVEit Transfer web application and immediately launched an investigation to understand the scope of the incident.

“After determining some documents were accessed, Radius conducted a comprehensive review of the impacted files to determine what information was present in the impacted files, to whom the information related, and contact information for applicable individuals,” the company said.

“Radius then worked with its clients to notify individuals whose information was present in the files accessible to the unauthorised actors due to the MOVEit vulnerability exploitation,” it added.

The compromised information included names, dates of birth, and Social Security numbers, patient treatment codes, treatment location, and treatment payment history including health insurance provider details. In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, the company confirmed that at least 600,794 individuals were affected by the data breach.

Radius Global Solutions said that it applied the security patches released by Progress Software to secure the application and reviewed the compromised data to identify the impacted individuals. It is also providing two years of complimentary identity monitoring and protection services to all affected individuals.

The company also urged its customers to remain vigilant against incidents of identity theft and fraud by reviewing their account statements and monitoring free credit reports for suspicious activity and errors and report the same to relevant law enforcement and financial institutions.

Radius Global Solutions is one of more than 650 organisations worldwide that have suffered significant data breaches after the Clop ransomware gang exploited Progress Software’s MOVEit Transfer web application. 

 

According to German cybersecurity research firm KonBriefing, as of August 15, at least 677 organisations have come forward about security incidents resulting from the exploitation of the software and at least 46.7 million individuals have been impacted by the same.