MOVEit cyberattacks: keeping tabs on the biggest data theft of 2023

Share via:

Illustration: Beatrice Sala

A ransomware gang used a zero-day exploit in Progress Software’s MOVEit Transfer to steal thousands of companies’ data, affecting over 60 million people.

In May 2023, a ransomware gang called Clop began abusing a zero-day exploit of Progress Software’s MOVEit Transfer enterprise file transfer tool. Progress quickly issued a patch, but the damage was already extensive. Clop’s widespread attack saw it steal data from government, public, and business organizations worldwide, including New York City’s public school system, a UK-based HR solutions and payroll company with clients like British Airways and BBC, and others.

How many others? According to a running tally from Emsisoft, over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people. The vast majority of attacks were on US-based entities. Most recently, BORN Ontario, which first reported being attacked in June, revealed that data from newborns and pregnant patients in Ontario, spanning from January 2010 to May 2023, was stolen, affecting on the order of about 3.4 million people.

Progress issued two more patches on June 9th and June 15th, both of which addressed further vulnerabilities that were “distinct” from the original exploit. In both cases, the company’s page announcing those patches says that, while its investigations are ongoing, it doesn’t see any evidence they were used for further attacks.

There has been… so very much legal action after the attacks. Class action lawsuits have been filed against IBM, which ran servers that were breached for multiple organizations, Prudential Financial, Progress Software itself, and others. The MOVEit breach and other high-profile hacks have led to the SEC requiring public companies to issue disclosures within four days of discovering a cybersecurity incident, except when the disclosure could be a national security or public safety risk.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Popular

More Like this

MOVEit cyberattacks: keeping tabs on the biggest data theft of 2023

Illustration: Beatrice Sala

A ransomware gang used a zero-day exploit in Progress Software’s MOVEit Transfer to steal thousands of companies’ data, affecting over 60 million people.

In May 2023, a ransomware gang called Clop began abusing a zero-day exploit of Progress Software’s MOVEit Transfer enterprise file transfer tool. Progress quickly issued a patch, but the damage was already extensive. Clop’s widespread attack saw it steal data from government, public, and business organizations worldwide, including New York City’s public school system, a UK-based HR solutions and payroll company with clients like British Airways and BBC, and others.

How many others? According to a running tally from Emsisoft, over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people. The vast majority of attacks were on US-based entities. Most recently, BORN Ontario, which first reported being attacked in June, revealed that data from newborns and pregnant patients in Ontario, spanning from January 2010 to May 2023, was stolen, affecting on the order of about 3.4 million people.

Progress issued two more patches on June 9th and June 15th, both of which addressed further vulnerabilities that were “distinct” from the original exploit. In both cases, the company’s page announcing those patches says that, while its investigations are ongoing, it doesn’t see any evidence they were used for further attacks.

There has been… so very much legal action after the attacks. Class action lawsuits have been filed against IBM, which ran servers that were breached for multiple organizations, Prudential Financial, Progress Software itself, and others. The MOVEit breach and other high-profile hacks have led to the SEC requiring public companies to issue disclosures within four days of discovering a cybersecurity incident, except when the disclosure could be a national security or public safety risk.

Disclaimer

We strive to uphold the highest ethical standards in all of our reporting and coverage. We StartupNews.fyi want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.

Website Upgradation is going on for any glitch kindly connect at office@startupnews.fyi

More like this

Peak XV Offloads MobiKwik Shares Worth INR 82 Cr

SUMMARY As per NSE data, the investment firm, through...

Tether makes first crypto VC fund investment into Arcanum...

“We are passionate about backing technologies that will...

512GB M4 Mac mini, Apple Pencil Pro, M4 iMac,...

Today’s 9to5Toys Lunch Break is now ready to...

Popular

Upcoming Events

Startup Information that matters. Get in your inbox Daily!