In May, MOVEit, the file transfer platform from Progress Software, faced a security breach orchestrated by the Russian ransomware group known as Cl0p. They exploited a previously undiscovered vulnerability in the software. Although a patch was promptly released after the attack was discovered, several users failed to update, leaving them vulnerable.
MOVEit is used extensively around the world by numerous government bodies, financial institutions, and various other public and private entities. Estimates suggest that around 455 organizations and over 23 million individuals who relied on MOVEit have potentially had their data compromised.
Here are some notable organizations that were affected:
- The US Department of Energy
- New York City Department of Education
- Ernst & Young
- Northwest Mutual
- Pacific Premier Bank
- TransAmerica Life Insurance
- Bristol Myers Squibb
- Gen/Norton LifeLock
- Radisson Hotel
- British Airways
About 73% of these organizations are US-based, with the rest scattered globally. The most affected sectors include finance, professional services, and educational institutions.
Cl0p ransomware, which has been active since 2019, posts stolen data on the dark web—a hidden realm of the internet known for illicit trade. The ransomware is associated with FIN11, a cybercrime group with links to Russia and Ukraine, believed to operate under the larger conglomerate, TA505.
The worrying aspect of this breach is its ripple effect. Many affected organizations cater to other businesses, institutions, and individuals, meaning secondary data exposure is probable.
Did you receive a breach notification?
Surprisingly, this significant breach flew under the radar of mainstream media. Nevertheless, affected companies are legally bound to inform those whose data might have been exposed. Such notifications could be via email or traditional mail. Given the unreliability of email deliveries and the time taken to dispatch physical letters to millions, many might still be unaware.
If you’re associated with MOVEit, prioritize updating all your passwords and PINs. Ensure they are unique, contain a mix of characters, numbers, and symbols, and are at least 12 characters long. Enable multifactor authentication (MFA) on crucial software and web services, including Microsoft Office, QuickBooks, banking apps, payment processors, and more.