Ofcom, the UK's communications regulator, has disclosed a data breach after being targeted by a Clop ransomware attack. The threat actors exploited a zero-day vulnerability (CVE-2023-34362) in MOVEit file transfer to access the regulator's infrastructure. A spokesperson for Ofcom informed The Record that the ransomware group gained access to confidential information held by the regulator on companies it oversees. The spokesperson stated, “A limited amount of information about certain companies we regulate – some of it confidential – along with personal data of 412 Ofcom employees, was downloaded during the attack.” The regulator took immediate action to prevent further use of the MOVEit service and implemented recommended security measures. Affected Ofcom-regulated companies were promptly alerted, and support and assistance continue to be provided to colleagues.
MOVEit Transfer is a managed file transfer solution used by enterprises to securely transfer files via SFTP, SCP, and HTTP-based uploads. The vulnerability, a SQL injection vulnerability, allows an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. The flaw affects all MOVEit Transfer versions but does not impact the cloud version of the product. Microsoft credited the Clop ransomware gang (also known as Lace Tempest) for the recent campaign exploiting the zero-day vulnerability CVE-2023-34362. On May 31, Rapid7 experts discovered approximately 2,500 instances of MOVEit Transfer publicly accessible on the internet, with a significant portion located in the United States. Currently, the number of installs in the UK is 127.
Another data breach recently made headlines, involving the payroll services provider Zellis. The instance of MOVEit Transfer managed by Zellis was used by the company to exchange files with multiple firms, implying that the number of affected companies could be substantial. As a result of the cyber attack on Zellis, employee data at the BBC and British Airways has been compromised and exposed. One of Zellis's clients, the British health and beauty retailer and pharmacy chain Boots, also confirmed being impacted by the attack. Another firm affected by the data breach is the airline Aer Lingus, which confirmed that “some of our current and former employee data” has been disclosed.