In a significant incident, hackers have exploited a security vulnerability in the MOVEit file transfer tool, compromising the personal data of over 15.5 million individuals.
The number of organizations affected continues to rise, with more than 140 known victims of Clop ransomware attacks targeting the MOVEit Transfer software developed by Progress Software. Let’s delve into the details.
According to Brett Callow, a ransomware expert and threat analyst at Emsisoft, out of the 140 known victims, 10 have confirmed the number of people affected, which already exceeds 15.5 million individuals.
Among those affected are approximately 3.5 million Oregon driver’s license holders, around 6 million Louisiana residents, and roughly 770,000 members of the California Public Employees’ Retirement System.
Other victims include between 2.5 and 2.7 million Genworth Finance clients, approximately 1.5 million customers of insurance provider Wilton Reassurance, over 170,000 beneficiaries of the Tennessee Consolidated Retirement System, and more than half a million Talcott Resolution customers.
Notably, the U.S. educational nonprofit National Student Clearinghouse, which works with 3,600 colleges and universities and 22,000 high schools, has also fallen victim to this cyberattack.
Considering the organization’s extensive reach, this breach could have far-reaching consequences in terms of numbers affected. At least seven U.S. universities and 16 U.S. public sector organizations have been identified as victims so far.
Even government departments have not been spared. The U.S. Department of Health and Human Services (HHS) recently reported an incident involving the exposure of over 100,000 individuals.
While HHS has not been added to Clop’s dark web leak site, several U.S. government agencies have already experienced intrusions related to the MOVEit transfer flaw, as confirmed by the U.S. Cybersecurity and Infrastructure Security Agency. Additionally, two entities within the Department of Energy have also been targeted.
However, it is not only government departments that have been attacked. Clop has added numerous new victims to its leak site this week alone, including banks, consultancy and legal firms, and energy giants.
Siemens Energy, one of the targets, confirmed the attack but stated that no critical data had been compromised, and their operations remained unaffected.
Another victim recently listed by Clop is the University of California–Los Angeles (UCLA). UCLA used MOVEit Transfer for file transfers across campus and to other entities.
The university promptly notified the FBI and engaged external cybersecurity experts to investigate the matter. While the exact number of affected individuals remains undisclosed, UCLA has taken steps to inform those impacted.