More than 200 organizations have been targeted in MOVEit-related breaches
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Shoshana Gordon/Axios
More than 200 organizations are now said to be facing a data breach tied to security flaws discovered roughly six weeks ago in a popular file-transfer program.
Why it matters: So far, more than 17.5 million victims' data could have been affected by the breaches, according to a tally maintained by Emsisoft researcher Brett Callow. And that number continues to grow nearly every day.
The big picture: The victim list spans several sectors, from energy giant Shell to Wisconsin's Madison College.
- Hackers are believed to have targeted a since-patched vulnerability in Progress Software Corp.'s MOVEit file-transfer tool to access the sensitive data its customers transferred through the tool.
Catch up quick: Progress Software first notified customers about malicious hackers exploiting a "zero-day" flaw in MOVEit in late May.
- Since then, Progress has patched a couple of other recently discovered vulnerabilities, and federal officials have warned that their own agencies are responding to MOVEit-related incidents.
The intrigue: Russia-linked ransomware gang Cl0p has claimed responsibility for exploiting the MOVEit flaw.
- Cl0p also ran a similar hacking campaign in 2020 targeting the Accellion file-transfer tool.
Yes, but: Detecting and stopping this kind of cyberattack is tricky, since organizations don't always know what tools their employees are running on their devices.
Be smart: Identity fraud experts suggest affected individuals take steps to blunt the impact of hackers stealing their data, including changing their email account passwords and signing up for data broker opt-out services.
Editor's note: This story has been corrected to indicate that there was a single vulnerability in MOVEit, not multiple vulnerabilities.
Sign up for Axios’ cybersecurity newsletter Codebook here
