The same threat actor has also released 25 additional companies' data. They claim that part of the information was gathered from other sources, including exposed AWS and Azure buckets and the leak sites of ransom groups. Lenovo, HP, TIAA, Schwab, HSBC, Delta, McDonald's, and Metlife are among the companies whose data was stolen in MOVEit attacks or gathered from resources exposed to the Internet and is now available on the leaks forum.

Beginning on May 27, 2023, a wave of data theft attacks was carried out by the Clop ransomware gang. The date of May 30, 2023, corresponds with the MOVEit data theft incidents that took place around the extended US Memorial Day holiday, notwithstanding the threat actor's claims that the data was gathered from many sources. Since each of the 25 firms' exposed data is comparable, it is thought that the data was taken from a single vendor during these attacks and was subsequently made available to the affected clients in distinct data sets.

A zero-day vulnerability in the MOVEit Transfer secure file transfer platform—a managed file transfer (MFT) solution used in enterprise settings to safely move files between clients and business partners—was exploited in the data theft attacks. In June 2023, the cybercrime gang started extorting victims by posting their names on their dark web leak website.

Since then, tens of millions of people have had their data stolen and used in extortion schemes or released online, and the repercussions of these attacks have affected hundreds of businesses worldwide. These attacks have also targeted and compromised two U.S. Department of Energy (DOE) businesses and other U.S. federal agencies.

Impact

• Exposure of Sensitive Data
• Identity Theft

Remediation

• Regularly back up critical data and systems. In the event of a successful attack or compromise, having recent backups can help you restore operations and minimize data loss.
• Implement multi-factor authentication to add an extra layer of security to login processes.
• Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
• Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
• Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
• Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
• Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
• Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
• Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.