Casualties of This Month’s MOVEit Attack Continue to Rise
The cyberattacks targeting the popular MOVEit file transfer software have escalated into one of the most significant data breaches in recent years, affecting over 130 organizations and potentially compromising the personal information of millions of individuals.
The ongoing campaign, leveraging a zero-day vulnerability in Progress Software's MOVEit Transfer, continues to expose sensitive data across multiple industries, as highlighted by VPNMentor's previous report. The Russian cybercrime group known as Cl0p claimed responsibility for the attacks and has started naming the organizations that have refused to comply with its ransom demands.
According to Brett Callow, a threat analyst at cybersecurity firm Emsisoft, 138 organizations are known to have been impacted, and personal information belonging to more than 15 million individuals has been compromised. However, the true extent of the breaches is expected to increase as more victims emerge and report the incidents.
Prominent organizations across different sectors have fallen victim to the breaches. Shell, Siemens Energy, Schneider Electric, Sony, EY, PwC, Cognizant, AbbVie, Kirkland & Ellis, and K&L Gates are among the entities targeted by Cl0p. Siemens Energy has confirmed that data was stolen during the attacks, but it reassured the public that no critical data was compromised and its operations were unaffected.
The impact of the MOVEit attacks extends beyond private corporations. Government organizations, including the US Department of Energy, the Health Department, and the Oregon DMV, have also been caught up in the breach. Even the New York City Department of Education has reported unauthorized access to files transferred through the MOVEit environment, affecting roughly 45,000 students' sensitive information.
The developers of the MOVEit software, Progress Software, have been conducting ongoing investigations and implementing patches to address vulnerabilities in MOVEit Transfer and MOVEit Cloud. The company has taken defensive measures to safeguard customer environments and mitigate potential risks. They have partnered with third-party experts, conducted code reviews, and urged customers to apply the patches, follow mitigation guidance, and monitor for any indicators of compromise.
As law enforcement agencies, including the FBI and local authorities, continue to investigate the breaches, affected organizations are working diligently to assess the extent of the compromise and notify impacted individuals.
While the full scope of the breaches and the amount of stolen data are yet to be determined, it is clear that the repercussions of this cyberattack will have long-lasting implications for individuals and organizations alike.