Jul 7, 2023 - Technology

More than 200 organizations have been targeted in MOVEit-related breaches

Illustration of an infinite, recursive tunnel of laptops.

Illustration: Shoshana Gordon/Axios

More than 200 organizations are now said to be facing a data breach tied to security flaws discovered roughly six weeks ago in a popular file-transfer program.

Why it matters: So far, more than 17.5 million victims' data could have been affected by the breaches, according to a tally maintained by Emsisoft researcher Brett Callow. And that number continues to grow nearly every day.

The big picture: The victim list spans several sectors, from energy giant Shell to Wisconsin's Madison College.

  • Hackers are believed to have targeted a since-patched vulnerability in Progress Software Corp.'s MOVEit file-transfer tool to access the sensitive data its customers transferred through the tool.

Catch up quick: Progress Software first notified customers about malicious hackers exploiting a "zero-day" flaw in MOVEit in late May.

The intrigue: Russia-linked ransomware gang Cl0p has claimed responsibility for exploiting the MOVEit flaw.

Yes, but: Detecting and stopping this kind of cyberattack is tricky, since organizations don't always know what tools their employees are running on their devices.

Be smart: Identity fraud experts suggest affected individuals take steps to blunt the impact of hackers stealing their data, including changing their email account passwords and signing up for data broker opt-out services.

Editor's note: This story has been corrected to indicate that there was a single vulnerability in MOVEit, not multiple vulnerabilities.

Sign up for Axios’ cybersecurity newsletter Codebook here

Go deeper