Canadian-based gold miner among the latest MOVEit data breach victims

Share post:

One of the biggest gold and copper miners in the world is among the latest companies to be listed as victims of the vulnerability in Progress Sofware’s MOVEit file transfer platform, according to a cybersecurity researcher.

Brett Callow, Canadian-based threat researcher for Emsisoft, tweeted today that Barrick Gold Corp. of Toronto has been listed by the Clop/Cl0p ransomware and data theft gang as being among the companies it hit.

Neither Barrick’s CEO nor its press spokesperson have responded to requests for comment by press time. This story will be updated when they reply.

Two other victims were listed by Clop today, making the total number of publicly-reported victim organizations 193, according to Callow. It isn’t known how many of them paid to prevent their stolen data from being leaked either publicly or to other crooks.

Barrick, which says it is the largest gold producer in the U.S., posted net earnings of US$432 million on US$5.6 billion in sales in its last fiscal year, through its 15 gold and three copper mines in 12 countries.

The other organizations listed as victims today by Clop are Texas Dow Employees Credit Union and the Texas-based United Regional Health Care System.

Also today, Progress Software said that in response to customer demand for a regular update schedule, its MOVEit team has formalized a regular Service Pack program for all MOVEit products. “We expect to release a new Service Pack approximately every two months going forward,” the company said. “All details on major releases, service packs, including today’s release, and hot fixes can be found in the MOVEit Product Hub.

The first Service Pack is now available, and includes product and security fixes for supported versions of MOVEit Transfer. The Service Pack has also been applied to MOVEit Cloud. MOVEit Automation will be included in future Service Pack releases. Today’s release includes improvements to the MOVEit Transfer database, optimization of the installer, and fixes for three new CVEs.

A wide range of companies that either use MOVEit internally or through a service provider have acknowledged being victims. They include:

–the Metro Vancouver Transit Police department. The agency said this week 186 of its files were copied. That is a “limited number” of its files, the agency added. There were no details about what was in the files;

— Oregon’s Department of Transportation, which said data on 3.5 million residents of the state was copied. It can’t say specifically what was copied, but those with active Oregon ID or drivers’ licences should assume related information was involved;

–Louisiana’s Office of Motor Vehicles, which said all residents with a state-issued driver’s licence, ID or car registration had personal data copied. That includes their names, addresses, Social Security numbers;

the New York City public school system, which said personal data of more than 45,000 students and staff were copied.

The post Canadian-based gold miner among the latest MOVEit data breach victims first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways