The Vermont Office of the Attorney General disclosed a data breach affecting Radius Global Solutions, linked to an exploitation of a vulnerability in the MOVEit web transfer application. The incident occurred on June 1, 2023, with public reporting on August 10, 2023. The breach involved unauthorized access to the system, potentially compromising personal information of an unknown number of individuals. The attack leveraged a known vulnerability in MOVEit, a widely used file-transfer tool, which had been actively targeted by threat actors in a broader campaign. While the exact scope of the exposed data remains undisclosed, such breaches typically involve sensitive personal details (e.g., names, addresses, Social Security numbers, or financial records). The exploitation of this vulnerability allowed attackers to exfiltrate data, raising concerns over identity theft, fraud, and reputational damage for the affected individuals and the company. Radius Global Solutions, a debt collection and customer service provider, handles large volumes of consumer data, amplifying the potential fallout. The breach underscores the risks associated with third-party software vulnerabilities and the cascading impact on organizations relying on such tools for secure data transfers. Investigations likely continue to determine the full extent of the compromise and mitigate further harm.
TPRM report: https://www.rankiteo.com/company/radius-global-solutions
"id": "rad039091825",
"linkid": "radius-global-solutions",
"type": "Breach",
"date": "6/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown',
'name': 'Radius Global Solutions',
'type': 'Company'},
{'industry': 'Legal/Regulatory',
'location': 'Vermont, USA',
'name': 'Vermont Office of the Attorney General',
'type': 'Government Agency'}],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'type_of_data_compromised': 'Personal Information'},
'date_publicly_disclosed': '2023-08-10',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach involving Radius Global Solutions related to the '
'MOVEit web transfer application. The breach occurred on June '
'1, 2023, when a vulnerability was exploited, potentially '
'affecting an unknown number of individuals and compromising '
'their personal information.',
'impact': {'data_compromised': True,
'identity_theft_risk': True,
'systems_affected': ['MOVEit web transfer application']},
'references': [{'date_accessed': '2023-08-10',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'title': 'Data Breach at Radius Global Solutions via MOVEit Vulnerability',
'type': 'Data Breach',
'vulnerability_exploited': 'MOVEit web transfer application vulnerability'}