MOVEit breach fallout still resonates

More than a month since the MOVEit software breach, the fallout is still ongoing: last week PBI Research (a data management provider) revealed its installation was hacked via the zero-day exploit. PBI handles data for a series of pension systems and insurance companies in the U.S., resulting in a total impact of ~2.5-2.7 million personal records now compromised.

According to a public incident disclosure, PBI was using an on-prem installation of MOVEit, relying on software patches to be installed manually, at least 5 days after mass exploitation began. Iinterestingly, by that time MOVEit SaaS offering was already patched. The situation is somewhat reminiscent of last year's Rackspace's Exchange breach, where an Exchange software vulnerability was addressed much sooner within Microsoft365 SaaS, leaving on-prem customers exposed for weeks or months.

Installing 3rd party software on-premise, waiting for the supplier to distribute patches and taking on responsibility to install them manually is becoming less adequate in today's zero day exploitation environment. An important take-away for CIO/CSOs.

More on the latest implications of this breach here.