On July 23, 2024, Pinnacle Claims Management, Inc. suffered a data breach stemming from a security vulnerability in Progress Software’s MOVEit file transfer application, as reported by the California Office of the Attorney General on November 19, 2024. The incident exposed personal information, including names and potentially other sensitive details, though the exact number of affected individuals remains undisclosed. The breach highlights risks associated with third-party software vulnerabilities, which cybercriminals frequently exploit to infiltrate systems and exfiltrate data. While the full scope of the compromised data is unclear, the exposure of personal identifiers raises concerns about potential identity theft, fraud, or misuse of the leaked information. The incident underscores the critical need for robust patch management and proactive monitoring of third-party tools to mitigate such risks. No evidence suggests ransomware or direct financial harm, but the unauthorized access to personal data poses reputational and compliance risks for the company.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-595115
TPRM report: https://www.rankiteo.com/company/pinnacle-claims-management-inc
"id": "pin1017090725",
"linkid": "pinnacle-claims-management-inc",
"type": "Breach",
"date": "7/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Claims Management / Insurance',
'location': 'California, USA',
'name': 'Pinnacle Claims Management, Inc.',
'type': 'Corporation'}],
'attack_vector': 'Exploitation of software vulnerability (Progress Software’s '
'MOVEit)',
'data_breach': {'data_exfiltration': 'Likely (breach involved data exposure)',
'personally_identifiable_information': True,
'sensitivity_of_data': 'Moderate (personally identifiable '
'information)',
'type_of_data_compromised': ['Personal information (e.g., '
'names)']},
'date_detected': '2024-07-23',
'date_publicly_disclosed': '2024-11-19',
'description': 'The California Office of the Attorney General reported that '
'Pinnacle Claims Management, Inc. experienced a data breach on '
'July 23, 2024, due to a security vulnerability in Progress '
'Software’s MOVEit file transfer application. The breach may '
'have involved personal information such as names and other '
'elements, but specific details about the number of affected '
'individuals were not provided.',
'impact': {'data_compromised': ['Personal information (e.g., names)'],
'identity_theft_risk': 'Potential (personal information exposed)',
'systems_affected': ['Progress Software MOVEit file transfer '
'application']},
'investigation_status': 'Disclosed; details limited',
'post_incident_analysis': {'root_causes': ['Exploitation of unpatched '
'vulnerability in third-party '
'software (MOVEit)']},
'references': [{'date_accessed': '2024-11-19',
'source': 'California Office of the Attorney General'}],
'regulatory_compliance': {'regulations_violated': ['Potential violation of '
'California data breach '
'notification laws (e.g., '
'CCPA)'],
'regulatory_notifications': ['California Office of '
'the Attorney '
'General']},
'response': {'communication_strategy': 'Public disclosure via California '
'Office of the Attorney General'},
'title': 'Pinnacle Claims Management, Inc. Data Breach via MOVEit '
'Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'Progress Software MOVEit file transfer '
'application vulnerability'}