Massive and Recent Data Breach Indicates Your Personal Information Likely Compromised
In recent events, a significant data breach has unfolded, pointing to the strong likelihood that your personal information has been exposed. In May, the company MOVEit, responsible for a file transfer platform created by Progress Software, fell victim to a Russian ransomware operation known as Cl0p. The attackers exploited a previously undiscovered vulnerability in Progress's software, and the breach caught many off guard. Although a patch was released after the attack was discovered, some users remained susceptible because they failed to install the update.
This software is widely utilized by numerous governments, financial institutions, as well as hundreds of public and private entities globally. It has been estimated that over 23 MILLION individuals and at least 455 organizations, which were customers of MOVEit, have had their information pilfered.
Among the compromised entities are:
Of these, the majority (73%) are US-based, while the remaining are international. The sectors most heavily affected include finance, professional services, and educational institutions.
Cl0p is a ransomware variant employed in cyber-attacks since 2019. The stolen data is typically shared on the dark web, a hidden part of the internet where cybercriminals buy, sell, and trade information discreetly. This ransomware and its associated website have been linked to FIN11, a financially driven cybercrime group believed to have ties to Russia and Ukraine, operating under the umbrella of TA505.
The gravity of this breach stems from the fact that numerous compromised organizations offer services to other companies and government bodies, significantly increasing the likelihood that their customers, patients, taxpayers, and students have been impacted by association – a category you might fall into as well.
The key question: Were you informed?
Oddly, this breach did not make major headlines. However, when a company experiences a breach, it is required to notify affected individuals if their data has been compromised. This notification can take the form of an email or physical letter. Yet, due to spam filters and the number of individuals involved, email communication may not reliably deliver this important message. Similarly, sending letters to over 36 million individuals takes time.
For those who use this software, it's imperative to change all passwords and PINs without delay. Opt for unique passwords that are a minimum of 12 characters long, comprising both uppercase and lowercase letters, numbers, and special characters. Moreover, enable multifactor authentication (MFA) for critical software applications and websites such as Microsoft Office, QuickBooks, banking and payroll systems, and credit card processing tools.
Curious whether your company's data has surfaced on the dark web? You can request a complimentary Dark Web Vulnerability Scan for your organization by clicking here (please note that this service isn't available for individuals). Just provide your domain name, and we'll conduct the search confidentially and reach out to discuss the findings – avoiding email communication for security purposes. Have questions? Feel free to contact us at 08 8922 0000.