Encircle News!

Retro Game Arcade
, , , , ,

Millions affected by MOVEit mass-hacks as list of casualties continues to grow

Carly Page

Hackers have compromised the personal data of more than 15 million individuals by exploiting a security vulnerability in the MOVEit file transfer tool, as the number of victim organizations continues to grow.

There are more than 140 known victims of Clop ransomware attacks targeting a vulnerability in MOVEit Transfer, an enterprise file transfer tool developed by Progress Software. Brett Callow, a ransomware expert and threat analyst at Emsisoft, tells TechCrunch that while only 10 of these victims have so far confirmed the number of people affected, the number already exceeds more than 15.5 million individuals.

This includes approximately 3.5 million Oregon driver license holders; roughly six million Louisiana residents; some 770,00 members of the California Public Employees’ Retirement System; between 2.5 and 2.7 million Genworth Finance clients; approximately 1.5 million customers of insurance provider Wilton Reassurance; more than 170,000 beneficiaries of the Tennessee Consolidated Retirement System; and more than half a million Talcott Resolution customers.

Callow tells TechCrunch that the mass-hacks include U.S. educational non-profit National Student Clearinghouse, which could be a “potentially significant” breach in terms of numbers. The organization, which began notifying schools of the data breach, works with 3,600 colleges and universities and 22,000 high schools.

Callow noted that at least seven of the known MOVEit victims are U.S. universities, and 16 are U.S. public sector organizations.

This includes the U.S. Department of Health and Human Services (HHS), according to Bloomberg, which reported Wednesday that officials notified Congress of an incident involving the exposure of more than 100,000 individuals. HHS did not respond to TechCrunch’s questions and has not yet been added to Clop’s dark web leak site.

U.S. cybersecurity agency CISA previously told TechCrunch that “several” U.S. government agencies had experienced intrusions related to the exploitation of the MOVEit transfer flaw, and a spokesperson for the Department of Energy confirmed that this included two DOE entities.

It’s not just government departments that have been targeted.

Clop, which claimed responsibility for the widespread attacks, has added tens of new victims to its leak site this week alone, including banks, consultancy and legal companies, and energy giants.

Siemens Energy spokesperson Claudia Nehring confirmed to TechCrunch that the company is among the targets of the MOVEit attacks. “Based on the current analysis no critical data has been compromised and our operations have not been affected. We took immediate action when we learned about the incident,” Nehring added.

The University of California (UCLA), which used MOVEit Transfer to transfer files across campus and to other entities, is also among Clop’s newly listed victims. UCLA spokesperson Marge Grey told TechCrunch that the university “notified the FBI and worked with external cybersecurity experts to investigate the matter” and has notified those who have been impacted. UCLA declined to say how many individuals had been affected.

None of the other victims listed by Clop have yet responded to TechCrunch’s requests for comment.

The exact number of impacted organizations, and subsequently breached individuals, remains unknown. In a post on its leak site, Clop claims to have compromised “hundreds” of organizations, which means that more victims are likely to come to light in the coming days and weeks.

In light of this latest wave of mass attacks, U.S. State Department earlier this month offered a $10 million bounty for information on the Clop ransomware group, a Russia-linked gang that was also responsible for previous mass-attacks exploiting flaws in Fortra’s GoAnywhere file transfer tool and Accellion’s file transfer application.

Do you work at an organization that’s affected? Do you have more information you can share? You can contact Carly Page securely on Signal at +441536 853968 and by email. You can also share tips and documents with TechCrunch via SecureDrop.

Millions affected by MOVEit mass-hacks as list of casualties continues to grow by Carly Page originally published on TechCrunch

https://techcrunch.com/2023/06/29/millions-affected-moveit-mass-hacks/

Follow Us

Featured Posts

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1007: All the Hotdogs in the World – China's 'Salt Typhoon' Hack, Google on the Chopping Block, Recall AI This Week in Tech (Audio)

In this episode of This Week in Tech, the panel tackles the "biggest hack in US history," the future of AI, and the role of government in tech. From the Chinese hack's implications to Microsoft's AI-powered Recall, the Supreme Court's tech-related cases, and the push for social media age verification, Leo Laporte, Patrick Beja, Wesley Faulkner, and Alex Wilhelm provide insightful analysis and lively discussion on the most pressing issues facing the industry today. China's "Salt Typhoon" hack, dubbed the "worst hack in our nation's history," which compromised US telecommunications infrastructure and allowed surveillance of high-profile individuals The panel debates the challenges of securing outdated infrastructure and the role of government in regulating tech companies DOJ's push for Google to sell off Chrome to break its search monopoly, and the potential implications for competition and innovation Alex Wilhelm's article "If you like startups, you should love anti-trust" and the importance of fostering competition in the tech industry Microsoft's Windows 365 Link, a $349 mini PC that streams Windows from the cloud, and the potential for thin client computing Microsoft's Recall AI feature, which records and indexes users' screen activity, raising security concerns but offering potential benefits for users The Supreme Court's involvement in cases related to Facebook's Cambridge Analytica data breach and the fate of America's low-income broadband fund The panel also discusses their personal experiences with parenting in the digital age and the challenges of balancing screen time, privacy, and education for children Meta's push for Apple and Google to verify users' ages on social media platforms, and the challenges of implementing effective age verification while protecting user privacy Amazon's talks with Instacart, Uber, Ticketmaster, and others to enhance its AI-powered Alexa assistant Spirit Airlines filing for bankruptcy amidst financial losses and mounting debt payments Alex laments the addition of ads to Amazon Prime Video and the panel debates the tradeoffs of bundled subscription services Host: Leo Laporte Guests: Patrick Beja, Wesley Faulkner, and Alex Wilhelm Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit shopify.com/twit veeam.com lookout.com bitwarden.com/twit
  1. TWiT 1007: All the Hotdogs in the World – China's 'Salt Typhoon' Hack, Google on the Chopping Block, Recall AI
  2. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  3. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  4. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  5. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing