In October and November of 2023, Westat, Inc. filed two data breach notices with the U.S. Department of Health and Human Services Office for Civil Rights following the company’s discovery that a vulnerability within MOVEit enabled hackers to access confidential information in the company’s possession. In other notices submitted by Westat, the company explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names, Social Security numbers, and protected health information. Upon completing its investigation, Westat began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you receive a data breach notification from Westat, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Westat MOVEit data breach. For more information, please see our recent piece on the topic here.
What Caused the Data Breach Affecting Westat?
The Westat MOVEit data breach was only recently announced, and more information is expected in the near future. However, Westat’s various filings with the U.S. Department of Health and Human Services Office for Civil Rights and state attorneys general offices provide some important information on what led up to the breach. According to these sources, Westat uses a secure file-transfer software called MOVEit, which was created by Progress Software.
Earlier this year, Progress Software recently announced a zero-day vulnerability impacting organizations worldwide, including Westat. On May 30, 2023, Westat identified unusual activity within its MOVEit server.
In response, Westat launched an investigation into the incident with the help of outside cybersecurity specialists. This investigation ultimately revealed that an unauthorized party accessed—and may have removed—files containing confidential consumer information between May 28, 2023 and May 29, 2023.
After learning that sensitive consumer data was accessible to an unauthorized party, Westat reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number and protected health information. The total number of people affected appears to be approximately 70,000, based on two filings with the HHS-OCR on October 13, 2023 and November 3, 2023.
Recently, Westat sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.
More Information About Westat, Inc.
Founded in 1963, Westat, Inc. is a research, statistical survey, and communications business based in Rockville, Maryland. Westat offers its customers a range of services, including surveys, program assessments and evaluations, capacity building and training, clinical trials management and operations, epidemiological studies, and communication and dissemination strategies. Westat employs more than 1,700 people and generates approximately $367 million in annual revenue.
