Massive MOVEit Hack Affects Nearly 1,000 Organizations and 60 Million Individuals

August 25, 2023

The Russian-speaking Cl0p ransomware group's recent MOVEit campaign has reportedly affected nearly 1,000 organizations and 60 million individuals. The figures include both directly and indirectly impacted entities. For instance, data from several organizations and millions of individuals were compromised via PBI, a company providing research services for the pension and financial sectors. As of August 24, cybersecurity firm Emsisoft reported 988 victims and approximately 59,200,000 individuals.

Organizations potentially exposing the data of more than one million individuals include Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, Milliman Solutions, and Wilton Reassurance Company. The number of affected organizations is also confirmed by Resecurity, which reported 963 public and private sector organizations worldwide affected by the MOVEit hack on August 23.

The Cl0p group, which is estimated to earn up to $100 million from this campaign, has begun leaking the data of victims who have refused to pay the ransom. On August 14 and 15, the cybercriminals leaked nearly 1 Tb of information allegedly stolen from 16 victims, according to Resecurity. These victims include UCLA, Siemens Energy, Cognizant, and cybersecurity firms Norton LifeLock and Netscout. The data was leaked via surface web torrents, allowing anyone to easily access the stolen files.

Both Emsisoft and Resecurity reported that over 80% of the affected organizations are located in the United States.

The MOVEit campaign exploited CVE-2023-34362, a critical SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) software. This vulnerability can be exploited by an unauthenticated attacker to access files transferred through the product.
