Close to 1,000 organizations and 60 million individuals have been impacted by the recent MOVEit breach orchestrated by the Cl0p ransomware group.
Interestingly, these figures encompass both directly and indirectly affected parties. For example, many organizations and millions of individuals had their data put at risk through PBI, a leading provider of research services in the pension and financial sectors.
By August 24, cybersecurity firm Emsisoft had identified 988 affected entities and approximately 59,200,000 individuals.
Organizations that potentially jeopardized the information of over a million people include Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, Milliman Solutions, and Wilton Reassurance Company.
Resecurity reported a similar count of affected organizations, saying on August 23 that it was aware of 963 global public and private sector entities impacted by the MOVEit breach.
Cl0p, believed to stand to gain up to $100 million from this campaign, began releasing the data of victims who chose not to comply with its demands.
On August 14 and 15, the cybercriminals released nearly 1 Tb of data purportedly taken from 16 affected entities, according to Resecurity. The list includes well-known institutions such as UCLA, Siemens Energy and Cognizant, along with security firms Norton LifeLock and Netscout.
The exposed information was distributed via torrents on the surface web, making it simple for anyone to download the compromised files.
Both Emsisoft and Resecurity have highlighted that a staggering 80% or more of the impacted institutions are based in the United States.
The MOVEit breach was the result of exploiting CVE-2023-34362, a severe SQL injection flaw in the MOVEit Transfer managed file transfer (MFT) software. An unauthenticated attacker can leverage this vulnerability to access files that are transferred using the software.