Millions affected by massive hacks of MOVEit as the list of victims continues to grow


By Webdesk


Hackers have compromised the personal data of more than 15 million individuals by exploiting a vulnerability in the MOVEit file transfer tool, while the number of victim organizations continues to grow.

There are more than 140 known victims of Clop ransomware attacks targeting a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. Brett Callow, a ransomware expert and threat analyst at Emsisoft, tells TechCrunch that while only 10 of these victims have so far confirmed the number of people affected, the number already exceeds 15.5 million.

This includes about 3.5 million Oregon driver’s license holders; about six million Louisiana residents; some 770,000 members of the California Public Employees’ Retirement System; between 2.5 and 2.7 million Genworth Finance clients; approximately 1.5 million customers of insurer Wilton Reassurance; more than 170,000 Tennessee Consolidated Retirement System beneficiaries; and more than half a million Talcott Resolution customers.

Callow tells TechCrunch that the massive hacks also include the US educational nonprofit National Student Clearinghouse, which could be a “potentially significant” breach in terms of numbers. The organization, which began informing schools about the data breach, has partnered with 3,600 colleges and universities and 22,000 high schools.

Callow noted that at least seven of the known MOVEit victims are U.S. universities and 16 are U.S. public sector organizations.

This includes the U.S. Department of Health and Human Services (HHS), according to Bloomberg, which reported Wednesday that officials notified Congress of an incident in which more than 100,000 individuals were exposed. HHS did not respond to TechCrunch’s questions and has not yet been added to Clop’s dark web leak site.

The US cybersecurity agency CISA previously told TechCrunch that “several” US government agencies had experienced intrusions related to the exploitation of the MOVEit Transfer flaw, and a spokesperson for the Department of Energy confirmed that this included two DOE entities.

Government services are not the only targets.

Clop, which claimed responsibility for the widespread attacks, has added dozens of new victims to its leak site this week alone, including banks, consulting and legal firms, and energy giants.

Siemens Energy spokesperson Claudia Nehring confirmed to TechCrunch that the company is one of the targets of the MOVEit attacks. “Based on the current analysis, no critical data has been compromised and our operations are not compromised. We took immediate action when we learned of the incident,” Nehring added.

The University of California (UCLA), which used MOVEit Transfer to transfer files across campus and to other entities, is also one of Clop’s new victims. UCLA spokesperson Marge Gray told TechCrunch that the university has “notified the FBI and is working with outside cybersecurity experts to investigate the matter” and is notifying those affected. UCLA declined to say how many people were affected.

None of the other victims mentioned by Clop have yet responded to TechCrunch’s requests for comment.

The exact number of affected organizations, and of individuals whose data was exposed, remains unknown. In a post on its leak site, Clop claims it has compromised “hundreds” of organizations, meaning more victims are likely to come to light in the coming days and weeks.

In light of this latest spate of mass attacks, the US State Department earlier this month offered a $10 million bounty for information about the Clop ransomware group, a Russian-affiliated gang also responsible for previous mass attacks that exploited flaws in Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application.


Do you work for an affected organization? Do you have more information you can share? You can safely contact Carly Page via Signal on +441536 853968 and by email. You can also share tips and documents with TechCrunch via SecureDrop.


