Vulnerability cyber

Teachers' Retirement System of the City of New York

May 29, 2023 1 min read
Teachers' Retirement System of the City of New York

On July 24, 2023, the California Attorney General's Office reported a data breach involving the Teachers’ Retirement System of the City of New York (TRS). The breach occurred on May 29 and May 30, 2023, when an unauthorized third party accessed data through a vulnerability in the MOVEit Transfer application, potentially affecting TRS payees' personal information, including names and Social Security numbers. The number of individuals affected is unknown.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-570789

TPRM report: https://www.rankiteo.com/company/trsnyc

"id": "trs351072625",
"linkid": "trsnyc",
"type": "Vulnerability",
"date": "5/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Public Sector',
                        'location': 'New York, NY',
                        'name': 'Teachers’ Retirement System of the City of '
                                'New York',
                        'type': 'Government'}],
 'attack_vector': 'Vulnerability Exploitation',
 'data_breach': {'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information']},
 'date_detected': '2023-07-24',
 'date_publicly_disclosed': '2023-07-24',
 'description': 'Unauthorized third party accessed data through a '
                'vulnerability in the MOVEit Transfer application, potentially '
                "affecting TRS payees' personal information, including names "
                'and Social Security numbers.',
 'impact': {'data_compromised': ['Names', 'Social Security numbers'],
            'systems_affected': ['MOVEit Transfer application']},
 'initial_access_broker': {'entry_point': 'MOVEit Transfer application '
                                          'vulnerability'},
 'post_incident_analysis': {'root_causes': 'Vulnerability in MOVEit Transfer '
                                           'application'},
 'references': [{'date_accessed': '2023-07-24',
                 'source': "California Attorney General's Office"}],
 'threat_actor': 'Unauthorized third party',
 'title': 'Data Breach at Teachers’ Retirement System of the City of New York',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer application vulnerability'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.