On August 23, 2023, Sovos Compliance LLC (“Sovos”) filed a notice of data breach on behalf of several companies after learning a vulnerability in the MOVEit file-transfer application used by Sovos contained a critical vulnerability. In this notice, Sovos explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and Social Security numbers. Upon completing its investigation, Sovos began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Sovos Compliance LLC referring to information you provided to Allegis Group, Barrett Business Services Inc., Delta Dental of Iowa, GreenSky, or Midland States Bank, it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Sovos Compliance MOVEit data breach. For more information, please see our recent piece on the topic here.
What Caused the MOVEit / Sovos Compliance Breach?
The Sovos Compliance data breach was only recently announced, and more information is expected in the near future. However, Sovos’ filing with the Attorney General of Maine provides some important information on what led up to the breach. According to this source, the incident involved Sovos’ instance of the MOVEit file-transfer application, which Sovos learned contained a critical vulnerability on May 31, 2023. This vulnerability allowed unauthorized actors to access confidential information stored on Sovos’ MOVEit server.
Sovos serves as a vendor to other companies, providing services related to unclaimed property claims. In this role, Sovos accepts confidential information. Specifically, this incident involved the following organizations:
- Allegis Group
- Barrett Business Services Inc.
- Delta Dental of Iowa
- GreenSky
- Midland States Bank
Thus, information that consumers provided to any of the above businesses was then provided to Sovos. When hackers accessed Sovos’ MOVEit server, they were able to access the consumer data.
After learning that sensitive consumer data was accessible to an unauthorized party, Sovos Compliance reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name and Social Security number.
On August 23, 2023, Sovos Compliance sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of which information of theirs was compromised.
More Information About Sovos Compliance LLC
Founded in 1979, Sovos Compliance LLC is a financial software company based out of Wilmington, Massachusetts. Sovos creates software solutions for tax determination, continuous transaction control compliance, and tax & regulatory reporting. Sovos Compliance employs more than 2,400 people and generates approximately $504 million in annual revenue.