Home Massive Data Breach Exposes Millions to Hacks: The MOVEit Vulnerability

Massive Data Breach Exposes Millions to Hacks: The MOVEit Vulnerability

As hackers target a flaw in the widely used file transfer utility MOVEit, concerns about the safety of sensitive data once again come to the fore. Over 15.5 million people have been affected by this massive hacking campaign, and that number is certain to climb. We’ll examine what happened, whose companies were compromised, and what this means for data security in greater detail below.

Clop ransomware has been used by attackers against the Progress Software file transfer program MOVEit. By exploiting a flaw in MOVEit Transfer’s security, hackers were able to obtain private information belonging to millions of users. Over 140 institutions, including financial institutions, educational institutions, government organizations, and utility corporations, have been identified as victims of these attacks.

This data breach is quite massive. Between 2.5 and 2.7 million Genworth Finance customers are affected, as well as 770,000 members of the California Public Employees’ Retirement System, 3.5 million Oregon drivers license holders, and roughly 6 million Louisiana residents. About 1.5 million policyholders at insurance firm Wilton Reassurance have also been affected. More than half a million people have used Talcott Resolution, and 170,000 people are recipients of the Tennessee Consolidated Retirement System.

Mass hacks like MOVEit affect more than just private citizens and businesses. One of the victims is the charity National Student Clearinghouse, which works with thousands of schools across the country. Given National Student Clearinghouse’s pervasiveness in the academic community, the fallout from the recent data hack might be significant.

Several public sector companies and universities in the United States have also been hit by cyber attacks. More than 100,000 people were exposed in a recent event, according to the U.S. Department of Health and Human Services (HHS). While it is yet unclear how extensive the breach actually is, these attacks show how susceptible government and educational organizations are to cybercrime.

Organizations that were compromised in the widespread hacks have begun conducting investigations and taking steps to limit the harm as soon as possible. One of the attacked businesses, Siemens Energy, has stated that no sensitive information was lost and that business as usual has continued unabated. Another victim, the University of California, Los Angeles (UCLA), has notified the FBI and brought in outside cybersecurity specialists to fix the problem. UCLA has not released a number of affected persons, but they are striving to contact everyone who may be affected.

The Clop ransomware organization has named several other victims who have failed to react to enquiries about the intrusion. More victims are expected to surface in the coming days and weeks, as Clop claims to have compromised hundreds of organizations.

The Clop ransomware group’s actions have been noted by the U.S. State Department, which has announced a $10 million reward for information leading to the group’s capture. This Russian-affiliated group has carried out past widespread attacks, using flaws in popular file-sharing programs like MOVEit, Fortra’s GoAnywhere, and Accellion’s file-transfer software. The bounty is a sign of how seriously these cybercriminals should be taken.

With the growing frequency of data breaches, it’s more important than ever for businesses to invest heavily in cybersecurity measures to protect their customers’ personal data. To reduce the likelihood of such assaults, it is crucial to implement stringent security measures, maintain frequent software updates, and do comprehensive vulnerability assessments.

Companies should also think about providing cybersecurity training to their staff in order to raise their level of awareness and head off any breaches that could occur due to human error. To avoid the disastrous effects of data breaches, organizations must be watchful and proactive in the face of constantly changing cyber threats.

First reported on TechCrunch

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Deanna Ritchie
Former Editor

Deanna was an editor at ReadWrite until early 2024. Previously she worked as the Editor in Chief for Startup Grind, Editor in Chief for Calendar, editor at Entrepreneur media, and has over 20+ years of experience in content management and content development.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.