Andesa Services

The Vermont Office of the Attorney General disclosed a data breach at Andesa Services, where unauthorized actors gained access to its MOVEit Transfer server between May 30, 2023, and May 31, 2023. The incident exposed personal information of an unknown number of individuals, though the exact nature of the compromised data (e.g., financial records, identities, or sensitive details) and the total count of affected parties remain undisclosed.The breach stems from a vulnerability in the MOVEit Transfer file-sharing platform, a widely exploited zero-day flaw (CVE-2023-34362) that enabled attackers to exfiltrate data from organizations using the software. While Andesa Services has not confirmed whether the exposed data includes customer records, employee details, or third-party information, the lack of specificity heightens concerns over potential identity theft, fraud, or regulatory penalties. The company has likely initiated investigations, notified relevant authorities, and may offer credit monitoring or remediation measures, though public statements on mitigation steps are limited.Given the unauthorized access to a file-transfer system and the potential compromise of personal data, the incident underscores risks associated with third-party software vulnerabilities and the broader implications for data privacy and corporate liability. The long-term impact could extend to reputational damage, legal repercussions, or financial losses if the exposed data is misused.

Source: https://ago.vermont.gov/document/2023-10-23-andesa-services-progress-software-moveit-data-breach-notice-consumers

TPRM report: https://www.rankiteo.com/company/varadero-andesa---paita

"id": "var1020090725",
"linkid": "varadero-andesa---paita",
"type": "Breach",
"date": "5/2023",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'name': 'Andesa Services',
                        'type': 'Company'}],
 'data_breach': {'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': 'Potentially '
                                                        'Compromised',
                 'type_of_data_compromised': 'Personal Information'},
 'description': 'The Vermont Office of the Attorney General reported that '
                'Andesa Services experienced a data breach involving '
                'unauthorized access to its MOVEit Transfer server, which '
                'occurred between May 30, 2023 and May 31, 2023. The breach '
                'potentially affected personal information of an unknown '
                'number of individuals, although specific details about the '
                'information compromised and the total number of affected '
                'individuals were not provided.',
 'impact': {'data_compromised': 'Personal Information (unspecified)',
            'identity_theft_risk': 'Potential (unspecified)',
            'systems_affected': ['MOVEit Transfer Server']},
 'references': [{'source': 'Vermont Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
                                                        'Attorney General']},
 'title': 'Andesa Services MOVEit Transfer Server Data Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'MOVEit Transfer Server Vulnerability'}

Andesa Services

Tristar Insurance Group: Tristar Insurance Group Data Breach Class Action Settlement

Connected Credit Union: Connected Credit Union Data Breach Exposes Sensitive PII Including SSNs

Rockstar Games, Anodot, McGraw Hill, Vimeo, Match Group and ADT: Video site Vimeo blames security incident on Anodot breach