
Cyber Incident Victim: Baesman Group

Date: May 2023

Location: United States of America

Summary

Baesman Group experienced a data privacy event stemming from a security vulnerability in a third-party file transfer tool, MOVEit. An unauthorized actor accessed the company's MOVEit Transfer server and exfiltrated certain data that was present on the system. While the investigation found no evidence of identity theft or fraud resulting from the incident, the company notified individuals whose information was potentially involved.


Description

On or around May 29, 2023, an unknown actor improperly accessed the MOVEit Transfer server belonging to Baesman Group. This unauthorized access resulted in the actor taking certain data from the server. The security vulnerability that facilitated this breach was not initially discovered by Baesman Group but was instead part of a larger, widespread issue affecting the MOVEit Transfer tool, a software product developed by Progress Software Corp. The public disclosure of these security issues by Progress Software Corp. occurred on May 31, 2023, and again in June 2023. This public notification served as the initial trigger for Baesman Group's awareness of a potential problem within its own systems.


Upon learning of the broader security issues from the software vendor, Baesman Group moved quickly to implement the steps recommended by Progress Software Corp. to remedy the vulnerabilities. The company promptly launched an internal investigation to determine the potential impact these issues had on its specific MOVEit Transfer server and to assess the underlying security of the data stored on it. The investigation confirmed that the unauthorized access event had occurred on the specified date of May 29, 2023. The core finding of this investigation was that an external, unidentified party had successfully exploited the vulnerability to gain access to the server and exfiltrate data.

The investigation focused on determining the scope of the incident, specifically what data was present on the compromised server at the time of the intrusion. While the exact nature and full extent of the data taken were not detailed in the public notice, it was confirmed that the accessed server contained personal information belonging to individuals. As a result of this determination, Baesman Group initiated a process to notify those individuals whose information was present in the system during the incident. The company stated it had no evidence of any identity theft or fraud occurring in connection with this specific incident at the time of its public disclosure.

In response to the incident, Baesman Group established a dedicated call center to handle inquiries from potentially impacted individuals. This resource was made available at the phone number 1-888-441-6462, with operating hours from 9:00 a.m. to 9:00 p.m. Eastern Time, Monday through Friday, excluding holidays. The company's response also included providing guidance to individuals on how to protect themselves, though this was presented as general encouragement rather than a specific mitigation step directly related to the breached data.

The company advised potentially impacted individuals to remain vigilant against incidents of identity theft and fraud. This general guidance included recommendations to review account statements, monitor credit reports, and scrutinize explanation of benefits forms for any suspicious activity. Baesman Group also directed individuals to external resources for further information on protecting personal information. These resources included the three major credit bureaus, the Federal Trade Commission, and state Attorneys General offices. The notice provided the FTC's address, website, and phone number as a primary point of reference for individuals seeking assistance.

The public notification of the data privacy event was issued by Baesman Group on May 31, 2023. This date coincides with the initial public disclosure by Progress Software Corp., indicating a rapid public response from Baesman Group following the discovery of the issue. The breach is contextualized as a single incident within a much larger wave of compromises targeting the MOVEit file transfer application globally. The attacker's actions were limited to the access and acquisition of data from the specified server; no evidence was presented to suggest any further malicious activity, such as system destruction or deployment of ransomware, occurred within Baesman Group's network. The primary consequence of the incident was the confirmed exposure of personal data, leading to a mandatory notification process to inform affected parties. The operational response involved containment through the application of the software vendor's patches and remediation steps, followed by an investigation to understand the breach's scope and impact.
