The Maine Attorney General's Office reported that Enstar (US) Inc. experienced a data breach involving unauthorized access to its MOVEit Transfer server between May 29, 2023, and May 31, 2023, due to a zero-day vulnerability exploited by the criminal group 'CL0P'. The breach potentially exposed personal information of 69 Maine residents, including names, Social Security numbers, and driver's license numbers. Written notice was provided to affected individuals on November 20, 2023.
TPRM report: https://www.rankiteo.com/company/enstar-group-ltd
"id": "ens220072725",
"linkid": "enstar-group-ltd",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 69,
'name': 'Enstar (US) Inc.',
'type': 'Company'}],
'attack_vector': 'Zero-day vulnerability',
'data_breach': {'number_of_records_exposed': 69,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Social Security numbers',
"Driver's license numbers"]},
'date_detected': '2023-05-29',
'date_publicly_disclosed': '2023-11-20',
'description': "Unauthorized access to Enstar (US) Inc.'s MOVEit Transfer "
'server due to a zero-day vulnerability exploited by the '
"criminal group 'CL0P'.",
'impact': {'data_compromised': ['Names',
'Social Security numbers',
"Driver's license numbers"],
'systems_affected': 'MOVEit Transfer server'},
'initial_access_broker': {'entry_point': 'MOVEit Transfer server'},
'post_incident_analysis': {'root_causes': 'Zero-day vulnerability in MOVEit '
'Transfer server'},
'references': [{'date_accessed': '2023-11-20',
'source': "Maine Attorney General's Office"}],
'threat_actor': 'CL0P',
'title': 'Enstar (US) Inc. Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit Transfer server vulnerability'}