MOVEit zero-day compromises 600 organizations and 40 million individuals

Share post:

The Clop ransomware gang has used a zero-day vulnerability in MOVEit to attack over 600 companies and 40 million people including healthcare organizations, educational institutions, financial institutions, government entities, and others.

The attack, which appears to have been tested by Clop hackers since 2021, but broad exploitation appears to have begun in late May 2023, also exploited weaknesses in Fortra’s GoAnywhere file-transfer service and Accellion’s file-transfer devices. Meanwhile, federal contractor Maximus experienced one of the most serious breaches associated with the MOVEit event, possibly exposing personally identifiable information of up to 11 million people.

Even prestigious schools such as Colorado State University were not immune, falling prey to six separate attacks from diverse perspectives. Third-party suppliers for the institution, such as TIAA, National Student Clearinghouse, Corebridge Financial, Genworth Financial, Sunlife, and The Hartford, all disclosed data breaches connected to the MOVEit attacks.

The hack also spread its tentacles to prominent accounting companies such as Deloitte, Ernst & Young, and PwC, putting sensitive client information at risk.

The sources for this piece include an article in CIODIVE.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways