More than 200 organizations have been targeted in MOVEit-related breaches
More than 200 organizations are now said to be facing a data breach tied to security flaws discovered roughly six weeks ago in a popular file-transfer program.
Why it matters: So far, more than 17.5 million victims' data could have been affected by the breaches, according to a tally maintained by Emsisoft researcher Brett Callow. And that number continues to grow nearly every day.
- Hackers are believed to have targeted a since-patched vulnerability in Progress Software Corp.'s MOVEit file-transfer tool to access the sensitive data its customers transferred through the tool.
- Since then, Progress has patched a couple of other recently discovered vulnerabilities, and federal officials have warned that their own agencies are responding to MOVEit-related incidents.
The intrigue: Russia-linked ransomware gang Cl0p has claimed responsibility for exploiting the MOVEit flaw.
- Cl0p also ran a similar hacking campaign in 2020 targeting the Accellion file-transfer tool.
Yes, but: Detecting and stopping this kind of cyberattack is tricky, since organizations don't always know what tools their employees are running on their devices.
Be smart: Identity fraud experts suggest affected individuals take steps to blunt the impact of hackers stealing their data, including changing their email account passwords and signing up for data broker opt-out services.
Editor's note: This story has been corrected to indicate that there was a single vulnerability in MOVEit, not multiple vulnerabilities.
Sign up for Axios’ cybersecurity newsletter Codebook here