On July 19, 2023, the Vitality Group (“Vitality”) filed a notice of data breach with the Attorney General of Massachusetts on behalf of Alfa Laval, Inc. after learning that MOVEit, a file transfer software used by Vitality, contained a critical vulnerability. As a result, Vitality notes that an unauthorized party was able to access confidential information belonging to certain Alfa Laval employees. Upon completing its investigation, Vitality began sending out data breach notification letters to all Alfa Laval employees who were affected by the recent data security incident.
If you received a MOVEit data breach notification from the Vitality Group, it is essential you understand what is at risk and what you can do about it. As we’ve reported previously, the MOVEit vulnerability has resulted in hundreds of data breaches around the world. And new breaches are being announced each day. As a result, millions of U.S. consumers are facing a significantly higher risk of identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft as well as discuss your legal options following the Vitality data breach. For more information, please see our recent piece on the topic here.
What Caused the Vitality Group / Alfa Laval Breach?
The Vitality / Alfa Laval data breach was only recently announced, and more information is expected in the near future. However, we know the breach involved MOVEit, a popular file transfer program. According to Vitality’s filing with the Attorney General of Massachusetts, Vitality provides certain employee-wellness services to Alfa Laval. In order to allow Vitality to carry out these services, Alfa Laval provides Vitality with certain confidential information about its employees.
Evidently, Vitality uses a file-transfer software called MOVEit, which is a product created by Progress Software, LLC. On May 30, 2023, MOVEit experienced a critical vulnerability that allowed hackers to access information stored on its client’s MOVEit servers. This vulnerability was discovered by Progress Software on May 31, 2023. Based on Vitality’s data breach letter, Vitality learned about the vulnerability on June 1, 2023.
In response, Vitality disconnected the MOVEit software from its server, eliminating the risk of any future unauthorized access. However, Vitality subsequently determined that an unauthorized party was able to access confidential information belonging to Alfa Laval employees.
After learning that sensitive consumer data was accessible to an unauthorized party, Vitality reviewed the compromised files to determine what information was leaked and which consumers were impacted.
On July 19, 2023, Vitality sent out data breach letters on behalf of Alfa Laval to all employees who were affected by the recent data security incident. So, while the Vitality / Alfa Laval data breach did not result in hackers accessing Alfa Laval’s computer system, hackers were able to access confidential employee information as a result of the MOVEit vulnerability.
More Information About Alfa Laval and the Vitality Group
Founded in 1883, Alfa Laval is a manufacturing and engineering company based out of Lund, Sweden. The company specializes in designing and manufacturing products for heavy industrial applications. Some of Alfa Laval’s products include ballast water treatment systems, boilers, decanters, exhaust gas cleaning equipment, heat exchangers and separators. Alfa Laval employs more than 20,300 people and generates approximately $4 billion in annual revenue.
Established in 2005, Vitality Group International, Inc. is a software company based out of Chicago, Illinois. Vitality created a mobile platform that provides health and wellness updates in real-time, encouraging its customers’ employees to prioritize their health through incentives, data and behavioral science. Vitality’s software is used by more than 30 million people in 40 markets across the world. Vitality Group employs more than 359 people and generates approximately $99 million in annual revenue.