THE MOVEIT CYBERATTACK
WHEN: MAY 2023 WHERE: WORLDWIDE
The digital world witnessed a surge in cyber threats in
May 2023 when a ransomware gang, Clop, exploited a vulnerability in the MOVEIT Transfer tool. This zero-day exploit allowed Clop to infiltrate a range of organisations worldwide, causing widespread data breaches.
The scale of the attack was alarming, with over 2,000 organisations reporting incidents and the data of more than 62 million individuals compromised. The victims included high-profile entities like New York City's public schools, a Uk-based HR and payroll company servicing giants like British Airways and BBC, and many more. In a particularly concerning case, BORN Ontario disclosed that sensitive data about newborns and pregnant patients, spanning over a decade, had been stolen, affecting around 3.4 million people.
The company behind the file-transfer app, Progress Software, acted swiftly, issuing patches on 9th June and 15th June to address additional vulnerabilities. The aftermath of these attacks saw a flurry of legal actions. Class action lawsuits were filed against IBM, Prudential Financial, Progress Software, and others. These incidents have led to stricter regulations from the Securities and Exchange Commission of the US, demanding timely disclosures from public companies following cybersecurity breaches.
Amongst the affected, Sony Interactive Entertainment sent out notices to about 6,800 individuals, current and former employees, alerting them of a data breach in May 2023. A subsequent breach in September added to their woes.