Just a few months ago, in May, the renowned file transfer platform MOVEit, developed by Progress Software, fell victim to a cyberattack orchestrated by a Russian ransomware group called Cl0p. This malicious entity exploited an unknown vulnerability in Progress's software, catching the company off guard. Although a patch was swiftly released after the breach was detected, some users remained susceptible as they failed to apply the update in time.
MOVEit's widespread utilization among numerous governments, financial institutions, public and private enterprises globally has been noted. Shockingly, it's estimated that a staggering 455 organizations, along with over 23 MILLION individuals who were patrons of MOVEit, have had their personal information pilfered.
Among the compromised entities are notable names such as:
- The United States Department of Energy
- New York City Department of Education
- UCLA
- Shell
- Ernst & Young
- Northwest Mutual
- Pacific Premier Bank
- TransAmerica Life Insurance
- Honeywell
- Bristol Myers Squibb
- Gen/Norton LifeLock
- Radisson Hotel
- BBC
- British Airways
A majority of these organizations (73%) are situated in the US, while the remaining are international. Financial, professional services, and educational institutions are among the hardest-hit sectors.
Cl0p, a variant of ransomware that has plagued cyber landscapes since 2019, follows a pattern wherein stolen data is made available on the dark web—an obscure sector of the internet where cybercriminals trade information in anonymity. The ransomware and its corresponding website have been linked to FIN11, a financially driven cybercrime network associated with Russia and Ukraine. It is suspected to be part of a larger operation known as TA505.
The true gravity of this breach lies in the fact that many of the affected organizations offer services to a multitude of other businesses and government bodies. Consequently, it's highly likely that their customers, patients, taxpayers, and students have been inadvertently compromised. You might be one of them.
The pertinent question is: Were you informed about this breach?
Strangely, this breach didn't make widespread headlines. However, when a company falls victim to such an incident, they are legally obligated to notify individuals whose data may have been stolen. This notification could be in the form of an email or physical letter. Yet, due to spam filters and potential delivery issues, relying solely on email communication isn't foolproof. Crafting letters for a vast group of over 36 million people is also a time-consuming process.
For those who used the compromised software, immediate action is imperative. Changing all passwords and PINs is crucial, employing a combination of at least 12 characters including uppercase and lowercase letters, special characters, and numbers. Furthermore, activating Multifactor Authentication (MFA) for all critical applications and websites—such as Microsoft Office, QuickBooks, online banking, payroll services, and credit card processing—is strongly recommended.
Curious if your company's information is circulating on the dark web? Avail our complimentary Dark Web Vulnerability Scan for your organization. We, regrettably, cannot extend this service to individuals. Share your domain name, and we'll conduct the scan confidentially, reaching out for an exclusive discussion about the findings (NOT via email). Have queries? Feel free to call us at 888-606-8805.
