Hackers have struck MOVEit data services used by the U.S. government.

Maximus confirmed back in July that the Colorado Department of Health Care Policy and Financing had suffered the data breach, however, MOVEit reported the vulnerability and patched it prior to that on May 31.

The breach resulted in the personal health data belonging to between 9 and 11 million people being exposed. It is suspected that the breach could be linked to IBM’s data breaches where Health Care Policy and Financing information was migrated into the main flow of the business.

Progress Corp, the company that developed MOVEit, publicly confirmed the targeted data attacks on its file system, which impacted at least one of its customers.

In June, an article published by The Financial Times suggested that the nature of data stolen in MOVEit breaches could be used by hackers to commit another type of scam, known as deepfake ID fraud.