Skip to main content

NASCO Data Breach Investigation | MOVEit Transfer

The Lyon Firm is currently involved in a number of security breach incidents linked to the MOVEit Transfer ransomware attack in which hundreds of entities and millions of consumers were impacted. NASCO is one of the latest companies to announce a notice of data breach, reporting that the personal data of over 804,000 individuals may have been compromised.

What Happened at NASCO?

On July 12, 2023, NASCO, a subsidiary of Blue Cross Blue Shield of Michigan, and a provider of healthcare technology solutions, discovered that it had experienced a data breach in which the personal identifiable information of thousands of individuals in its system may have been accessed and acquired.

After an investigation, NASCO determined that an unauthorized actor may have accessed this sensitive information in late May 2023 through a vulnerability in the MOVEit file sharing platform. On October 20, 2023, NASCO began sending out notice of data breach to those impacted and Attorneys General around the country. The type of information exposed may include:

  • Names
  • Social Security numbers

More About NASCO

NASCO, operating out of Atlanta, Georgia, is an independent subsidiary of Blue Cross Blue Shield of Michigan. The company offers software solutions and technology to health plans to help automate and streamline their processes both internally and for clients. NASCO has exclusively served Blue Cross and Blue Shield Plans for over 30 years.

What is MOVEit?

MOVEit is a file transfer program owned by Progress Software. In May 2023, a ransomware group called CL0P gained access to the software and stole a large amount of data. The MOVEit software is used by a wide range of organizations in the public and private sector to electronically move sensitive personal data. Obviously it was a huge target for a reason, and hackers found a vulnerability to exploit. The data breach ultimately hit financial companies, government agencies, pension funds, schools and healthcare companies. Tens of millions of people have been impacted worldwide.

Can I File a Data Breach Lawsuit?

We handle a variety of data privacy cases, and have had success settling data theft claims for plaintiffs in all fifty states. Following any data security incident in which your personal information is compromised, it is important to mitigate the risks of future identity theft and fraud. It is advisable to stay vigilant to frequently monitor your credit history and accounts. There are a number of software solutions available following a cyberattack to help you stay protected. Contact our attorneys to learn more and to consider legal action.

Our lawyers are working alongside some of the biggest firms in the nation on a wide range of data privacy litigation. We believe strongly that entities that collect and store your personal information have a duty to protect it. When companies fail to build and maintain a reasonably secure IT network, and a data theft incident occurs, victims can file a class action data breach lawsuit and hold the company accountable.

Contact our data breach lawyers to learn more about the MOVEit Transfer ransomware attack, and to assess your eligibility to file a NASCO data breach claim. Free and confidential consultations available.