{
	"id": "8eb67e0d-4a94-4bfc-9acf-eccb0655ce2a",
	"created_at": "2026-04-06T00:20:20.772017Z",
	"updated_at": "2026-04-10T03:22:06.995928Z",
	"deleted_at": null,
	"sha1_hash": "3a9ea5fb14ec44ec0b7fb9dbe5398440662bba43",
	"title": "US govt contractor Serco discloses data breach after MoveIT attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2918997,
	"plain_text": "US govt contractor Serco discloses data breach after MoveIT attacks\r\nBy Sergiu Gatlan\r\nPublished: 2023-08-03 · Archived: 2026-04-05 19:10:58 UTC\r\nSerco Inc, the Americas division of multinational outsourcing company Serco Group, has disclosed a data breach after\r\nattackers stole the personal information of over 10,000 individuals from a third-party vendor's MoveIT managed file transfer\r\n(MFT) server.\r\nIn a breach notification filed with the Office of the Maine Attorney General, Serco said that the information was exfiltrated\r\nfrom the file transfer platform of CBIZ, its benefits administration provider.\r\n\"On June 30, 2023, Serco was made aware that our third-party benefits administration provider, CBIZ, experienced a\r\nransomware attack and data breach,\" the company explained.\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"We understand from CBIZ that the incident began in May 2023 and CBIZ took steps to mitigate the incident on June 5,\r\n2023. To be clear, the breach of CBIZ's systems did not affect the safety and security of Serco's systems.\"\r\nThe personal information compromised in the attack includes any combination of the following: name, U.S. Social Security\r\nNumber, date of birth, home mailing address, Serco and/or personal e-mail address, and selected health benefits for the year.\r\nSerco is currently collaborating with CBIZ to investigate the breach and assess the full extent of the incident, focusing on\r\nensuring that the third-party vendor has implemented security measures to prevent future incidents.\r\nAccording to CBIZ, a cybersecurity firm is also conducting a thorough investigation into the matter.\r\nSerco's client roster includes a long list of U.S. federal agencies, including the Departments of Homeland Security, Justice,\r\nand State, as well as U.S. Intelligence Agencies and multiple U.S. Armed Forces branches (e.g., Navy, Army, Marine Corps,\r\nAir Force).\r\nSerco is also a contractor for U.S. state and local governments and the Canadian government, and it also provides services to\r\nhigh-profile commercial customers such as Pfizer, Capital One, and Wells Fargo.\r\nThe company employs over 50,000 people across 35 countries and has an annual revenue of over $5,7 billion in 2022.\r\nClop gang behind the MoveIT hacks\r\nThe Clop ransomware gang initiated a large-scale data-theft campaign exploiting a zero-day vulnerability in the MOVEit\r\nTransfer secure file transfer platform starting May 27th.\r\nOn June 15, the cybercrime group began extorting organizations that fell victim to the data theft attacks, with the threat\r\nactors publicly exposing their names on their dark web data leak site.\r\nThe impact of these attacks is expected to extend to hundreds of companies worldwide, with many having already notified\r\naffected customers during the past two months.\r\nDespite the many potential victims, Coveware estimates that only a few will likely give in to the Clop's ransom demands.\r\nNevertheless, Clop is still projected to amass between $75-100 million after the payments due to their high ransom demands.\r\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has also revealed that several U.S. federal agencies have\r\nfallen victim to the attacks, as reported by CNN.\r\nIn addition, Federal News Network said that two U.S. Department of Energy (DOE) entities were also impacted.\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/\r\nhttps://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks/"
	],
	"report_names": [
		"us-govt-contractor-serco-discloses-data-breach-after-moveit-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775434820,
	"ts_updated_at": 1775791326,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3a9ea5fb14ec44ec0b7fb9dbe5398440662bba43.pdf",
		"text": "https://archive.orkl.eu/3a9ea5fb14ec44ec0b7fb9dbe5398440662bba43.txt",
		"img": "https://archive.orkl.eu/3a9ea5fb14ec44ec0b7fb9dbe5398440662bba43.jpg"
	}
}