Breach, Data Security, Supply chain

Additional MOVEit hack data from major firms exposed

Share
MOVEit
(Stock Photo, Getty Images)

Seven more major organizations had records from over 760,000 employees stolen from last year's MOVEit hack, which affected nearly 2,800 entities and almost 100 million individuals, exposed by the threat actor Nam3l3ss on BreachForums just weeks after he leaked millions of data from Amazon and two dozen other leading organizations that had also been exfiltrated through the widespread exploitation of the MOVEit Transfer bug, according to SecurityWeek.

Most of the exposed employee records — which includes names, phone numbers, email addresses, job titles, work ID numbers, and manager names — belonged to Bank of America, followed by U.S. multinational conglomerate Koch, Finnish multinational telecommunications firm Nokia, and global real estate and investment management services provider JLL, a report from Atlas Privacy showed. Also affected by the data leak were Xerox, Morgan Stanley, and Bridgewater. "We believe the data originates from the Cl0p ransomware group, who frequently exploit vulnerabilities like MOVEit to exfiltrate and publish sensitive data as part of their extortion campaigns. It's likely Name3l3ss dug through terabytes of darkweb data and repackaged it for wider consumption," said Atlas Privacy co-founder and Chief Security Officer Tsachi Ganot.

Related

Uganda downplays central bank hack

Bank of Uganda, the country's central bank, was confirmed to have its accounts compromised in a recent cyberattack but Ugandan Minister of State for Finance Henry Musasizi emphasized the incident to not be as severe as initially communicated by the media, which noted the theft of up to $17 million.

Toll of OnePoint Patient Care breach exceeds 1.7M

In a filing with the Office of the Maine Attorney General, OPPC disclosed that infiltration of its systems resulted in the exfiltration of individuals' names, residence details, Social Security numbers, diagnoses, medical record numbers, and prescription information although there has been no evidence to suggest misuse of the compromised data.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Attack VectorByteChecksumCipherCiphertextData AggregationData Loss Prevention (DLP)Diffie-HellmanDigital EnvelopeDigital Signature Standard (DSS)

You can skip this ad in 5 seconds