/

Vitality Data Breach: What & How It Happened?

Vitality Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In June 2023, the Vitality Group faced a security incident involving software they used. This incident potentially exposed sensitive information of certain individuals from other organizations. Vitality has notified all impacted parties.

How many accounts were compromised?

The data breach compromised the personal information of approximately 272,000 individuals.

What data was leaked?

The data exposed in the breach included names, Social Security numbers, mailing addresses, dates of birth, and health information of affected Brookfield Asset Management and GuidePoint Security employees, as well as consumers.

How was Vitality hacked?

Unauthorized parties exploited a critical vulnerability in the MOVEit file transfer software used by the Vitality Group, gaining access to sensitive information of affected employees and consumers. The exact methods employed by the hackers remain unclear, as no specific malware was mentioned in relation to the breach.

Vitality's solution

In response to the hack, Vitality took immediate action by disconnecting the MOVEit software from its server, effectively eliminating the risk of further unauthorized access. While specific details on enhanced security protocols and collaboration with cybersecurity experts remain unclear, Vitality has been proactive in notifying affected individuals from both Brookfield Asset Management and GuidePoint Security. The company has sent out data breach notification letters to all affected employees and conducted a thorough investigation to assess the extent of the breach.

How do I know if I was affected?

Vitality has notified affected users about the data breach. If you are an employee of Brookfield Asset Management or GuidePoint Security and have not received a notification, you can visit Have I Been Pwned to check if your credentials have been compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes immediately.

For more specific help and instructions related to Vitality's data breach, please contact Vitality Member Support directly.

Where can I go to learn more?

If you want to find more information on the Vitality data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

Vitality Data Breach: What & How It Happened?

Vitality Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In June 2023, the Vitality Group faced a security incident involving software they used. This incident potentially exposed sensitive information of certain individuals from other organizations. Vitality has notified all impacted parties.

How many accounts were compromised?

The data breach compromised the personal information of approximately 272,000 individuals.

What data was leaked?

The data exposed in the breach included names, Social Security numbers, mailing addresses, dates of birth, and health information of affected Brookfield Asset Management and GuidePoint Security employees, as well as consumers.

How was Vitality hacked?

Unauthorized parties exploited a critical vulnerability in the MOVEit file transfer software used by the Vitality Group, gaining access to sensitive information of affected employees and consumers. The exact methods employed by the hackers remain unclear, as no specific malware was mentioned in relation to the breach.

Vitality's solution

In response to the hack, Vitality took immediate action by disconnecting the MOVEit software from its server, effectively eliminating the risk of further unauthorized access. While specific details on enhanced security protocols and collaboration with cybersecurity experts remain unclear, Vitality has been proactive in notifying affected individuals from both Brookfield Asset Management and GuidePoint Security. The company has sent out data breach notification letters to all affected employees and conducted a thorough investigation to assess the extent of the breach.

How do I know if I was affected?

Vitality has notified affected users about the data breach. If you are an employee of Brookfield Asset Management or GuidePoint Security and have not received a notification, you can visit Have I Been Pwned to check if your credentials have been compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes immediately.

For more specific help and instructions related to Vitality's data breach, please contact Vitality Member Support directly.

Where can I go to learn more?

If you want to find more information on the Vitality data breach, check out the following news articles:

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

Vitality Data Breach: What & How It Happened?

Twingate Team

Jun 28, 2024

In June 2023, the Vitality Group faced a security incident involving software they used. This incident potentially exposed sensitive information of certain individuals from other organizations. Vitality has notified all impacted parties.

How many accounts were compromised?

The data breach compromised the personal information of approximately 272,000 individuals.

What data was leaked?

The data exposed in the breach included names, Social Security numbers, mailing addresses, dates of birth, and health information of affected Brookfield Asset Management and GuidePoint Security employees, as well as consumers.

How was Vitality hacked?

Unauthorized parties exploited a critical vulnerability in the MOVEit file transfer software used by the Vitality Group, gaining access to sensitive information of affected employees and consumers. The exact methods employed by the hackers remain unclear, as no specific malware was mentioned in relation to the breach.

Vitality's solution

In response to the hack, Vitality took immediate action by disconnecting the MOVEit software from its server, effectively eliminating the risk of further unauthorized access. While specific details on enhanced security protocols and collaboration with cybersecurity experts remain unclear, Vitality has been proactive in notifying affected individuals from both Brookfield Asset Management and GuidePoint Security. The company has sent out data breach notification letters to all affected employees and conducted a thorough investigation to assess the extent of the breach.

How do I know if I was affected?

Vitality has notified affected users about the data breach. If you are an employee of Brookfield Asset Management or GuidePoint Security and have not received a notification, you can visit Have I Been Pwned to check if your credentials have been compromised.

What should affected users do?

In general, affected users should:

  • Change Your Password: Immediately update your password for the breached account. Make sure the new password is strong and unique, not previously used on any other platform.

  • Reset Passwords for Other Accounts: If you've used the same or similar passwords for other online accounts, reset those as well. This is crucial as attackers often try using stolen passwords on multiple sites.

  • Enable Two-Factor Authentication (2FA): Activate 2FA on the breached account and any other important online accounts. Consider enabling this additional security feature to significantly reduce the risk of unauthorized access.

  • Monitor Your Accounts: Keep an eye on your accounts for any suspicious activity and report any unauthorized transactions or changes immediately.

For more specific help and instructions related to Vitality's data breach, please contact Vitality Member Support directly.

Where can I go to learn more?

If you want to find more information on the Vitality data breach, check out the following news articles: