Breaking News
More () »

Human services provider reports data breach

Maximus Human Services said the breach happened in May of this year.

DENVER — Maximus Human Services Inc., a service provider for Colorado's Department of Human Services (CDHS), notified people of a data breach that risks the privacy of many people's personal information Friday.

According to their release, Maximus supports some government programs of CDHS' Division of Child Support Services, including the State Directory of New Hires— this directory is the place where employers report all new employees, providing information such as their full name, Social Security number and address.

Maximus said people's information could have been involved in the data breach because the department uses their services to collect the information employers report to CDHS and other Child Support Service divisions in the U.S.

On May 30, the company detected unusual activity regarding MOVEit Transfer, a third-party software app by Progress Software Corporation that stored information for Maximus and other organizations around the world, per the release. 

The company learned that, between May 27 and 31, an "unauthorized party obtained copies of certain files that were saved in the Maximus MOVEit application" — Progress Software Corporation announced that this unauthorized party affected many other MOVEit customers, Maximus said. 

Personal information involved in this data breach may include:

  • Names
  • Social Security numbers
  • Addresses
  • Dates of birth

As of Friday, Maximus has not found evidence that the stolen data has been "improperly used."

Maximus said they've been working with the department since being notified of the incident and claimed they took the MOVEit app offline as soon as they detected suspicious activity; additionally, the company said they launched a forensic investigation to see who was affected. 

Maximus is offering two years of free credit monitoring, identity restoration and fraud detection services through Experian to those affected. The company said it is also enhancing its cybersecurity practices.

In their release, Maximus recommends that affected individuals "regularly monitor account statements and monitor free credit reports." Should any suspicious activity be found, the company suggested that people contact the company that maintains their accounts.

For additional information, people can call 1-833-919-4749 toll-free. Calls are taken Monday through Friday from 7 a.m. to 9 p.m., or Saturday and Sunday from 9 a.m. to 6 p.m. Mountain Time. People who got a letter in the mail about the incident should be prepared to provide the engagement number listed in the letter.


Before You Leave, Check This Out