MOVEit Campaign Claims Millions More Victims
US government services firm is latest to reveal compromise
MOVEit is a managed file-transfer platform whose vulnerabilities can expose sensitive data and enable unauthorized access to connected systems.
Search across headline titles and summaries.
Background for this topic.
MOVEit is Progress’s managed file-transfer platform for exchanging and automating transfers of files between organizations, users, applications, and business partners. Deployments may include the web-based MOVEit Transfer server, APIs, and cloud services, often handling payroll, health, financial, or other sensitive records.
Its security significance centers on internet-facing transfer interfaces and the concentration of valuable data in the platform. SQL-injection flaws in MOVEit Transfer, including CVE-2023-34362, were exploited to access systems and steal files, making prompt application of vendor security updates and careful asset inventory essential. Practitioners should restrict administrative access, review exposed services and API permissions, monitor for unusual authentication or download activity, and preserve relevant server and web logs. After a suspected compromise, organizations need to determine which files and accounts were accessed, because the platform’s contents may trigger privacy, contractual, or regulatory reporting obligations.
US government services firm is latest to reveal compromise
Living up to its name, Maximus sees a whale of a breach that affects millions of people's sensitive government records, including health data.
Maximus plus Deloitte and Chuck E. Cheese join 500+ victim orgs Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have compromised via the MOVEit vulnerability.…
Third of Big 4 accountants get trampled by Clop, KPMG may be nervous Accounting giant Deloitte, pizza and birthday party chain Chuck E. Cheese, government contractor Maximus, and the Hallmark Channel are among the latest victims that the Russian ransomware crew Clop claims to have breached using the MOVEit file transfer hack.…
U.S. government services contractor Maximus has disclosed a data breach warning that hackers stole the personal data of 8 to 11 million people during the recent MOVEit Transfer data-theft attacks. [...]
Cl0p stands to make $100M on the MOVEit campaign, and according to a just-released survey, more than half of businesses are willing to pass data breach costs onto customers.
Coveware claims small number of victims paid very high ransoms
The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom. [...]