A few days after the MOVEit data breach hit the headlines, we’re now getting reports of different companies that were affected by the incident. According to a BBC report, the media powerhouse is among those affected, as well as British Airways, Boots, Aer Lingus, and Zellis.
MOVEit Transfer is a managed file transfer (MFT) solution built by Ipswitch, a subsidiary of a company called Progress. Companies usually use software such as this to securely transfer sensitive files, such as financial data, personally identifiable information, and more.
Last Friday, the company confirmed the discovery of a “critical” vulnerability and urged its users to apply a workaround immediately in anticipation of an official patch.
Notifying affected staff
Now, according to the BBC, the data that was stolen in the breach includes national insurance numbers, as well as bank details – depending on the affected software user. For the BBC, besides national insurance numbers, the hackers got away with staff ID numbers, dates of birth, and postal addresses.
British Airways is warning its staff that some may have had their bank details stolen. Zellis, a payroll service provider, said eight of its clients have had data compromised, and while it didn’t reveal the nature of these files, it said each client is notifying its staff.
No threat actor has yet claimed responsibility for the attack, or demanded ransom in exchange for the data. However, Microsoft says it believes the threat actor known as Clop was behind the incident. Clop is a Russia-linked threat actor, that recently gained infamy after successfully compromising GoAnywhere MFT.
GoAnywhere is another secure managed file transfer solution, used by countless companies to transfer sensitive files, securely, between endpoints. Multiple high-profile organizations were affected by the GoAnywhere breach, including Hitachi Energy, Hatch Bank, Health Systems, Investissement Quebec, Rubrik, AvicXchange, Saks Fifth Avenue, Galderma, and many, many others.
“The recent cyber breach at Zellis, a payroll provider for organizations such as the BBC and British Airways (BA), underscores the critical role comprehensive third-party risk management plays in today’s digital era,” said Alexander Heid, chief research and development officer with cybersecurity ratings and risk management company SecurityScorecard.
“This exploit leverages SQL injection, enabling attackers to interact with the server database, manipulate reading/writing permissions, and ultimately gain control through arbitrary code execution,” he added.
According to Heid, the researchers found thousands of exposed servers out there. “The research also uncovered over 2,500 exposed MOVEit servers across 790 organizations, several hundred of which exhibited the specific vulnerability. They noted that active scanning and attempted exploitation of the vulnerability continued through at least March 29th, 2023, which is when the exfiltration started for Zellis.”