MOVEit 0-day Breach – Millions of Employee Data Stolen from 25 Major Organizations

In Cybersecurity News - Original News Source is cybersecuritynews.com by Blog Writer

A critical vulnerability in the widely used MOVEit file transfer software has led to one of the most extensive corporate data leaks in recent history, affecting millions of employees across 25 major organizations.

The breach, attributed to a zero-day vulnerability known as CVE-2023-34362, has exposed sensitive employee information from global companies in the finance, technology, healthcare, and retail sectors.

A threat actor operating under the alias “Nam3L3ss” has released vast datasets containing detailed employee records stolen during the MOVEit attacks in May 2023.

Employee data leak claim

The leaked data includes names, email addresses, phone numbers, job titles, and, in some cases, entire organizational structures.

Here’s a table showing the number of records stolen from each company in the MOVEit data breach:

| Company | Records Stolen |
|---|---|
| Amazon | 2,861,111 |
| MetLife | 585,130 |
| Cardinal Health | 407,437 |
| HSBC | 280,693 |
| Fidelity | 124,464 |
| U.S. Bank | 114,076 |
| HP | 104,119 |
| Canada Post | 69,860 |
| Delta Airlines | 57,317 |
| Applied Materials | 53,170 |
| Leidos | 52,610 |
| Charles Schwab | 49,356 |
| 3M | 48,630 |
| Lenovo | 45,522 |
| Bristol Myers Squibb | 37,497 |
| Omnicom Group | 37,320 |
| TIAA | 23,857 |
| UBS | 20,462 |
| Westinghouse | 18,193 |
| Urban Outfitters | 17,553 |
| Rush University | 15,853 |
| British Telecom | 15,347 |
| Firmenich | 13,248 |
| City National Bank | 9,358 |
| McDonald’s | 3,295 |

This table shows the extent of the data breach, with Amazon being the most severely impacted, having over 2.8 million records stolen. The breach affected companies across various sectors, including technology, finance, healthcare, and retail.

Other affected organizations include U.S. Bank, HP, Delta Airlines, Charles Schwab, 3M, Lenovo, and McDonald’s, among others. The total number of compromised records across all 25 companies exceeds 5 million.

Data leak claim by threat actor

The leaked datasets contain highly structured information, revealing not only contact details but also sensitive internal data such as cost center codes and departmental assignments.

Security researchers at Hudson Rock have verified the authenticity of the data by cross-referencing it with LinkedIn profiles and information from previous infostealer infections.

Nam3L3ss claims this leak represents just a fraction of the data in their possession, hinting at potentially more extensive disclosures in the coming days. The hacker’s motives remain unclear, as they deny any attempts at blackmail or ransom demands.

While the Clop ransomware gang initially exploited the MOVEit vulnerability, researchers cannot yet confirm whether Nam3L3ss is affiliated with Clop or acted independently.

The breach poses significant risks for affected organizations and their employees. These include:

  1. Increased vulnerability to phishing and social engineering attacks.
  2. Potential for corporate espionage.
  3. Reputational damage to high-profile companies.
  4. Heightened risk of financial fraud, especially for financial sector targets.

In response to the breach, cybersecurity experts recommend several mitigation strategies:

  1. Immediate application of security patches released by Progress Software, the developer of MOVEit.
  2. Conducting comprehensive security audits to identify and address potential vulnerabilities.
  3. Enhancing employee awareness and training on cybersecurity best practices.
  4. Implementing stricter access controls and data segmentation policies.

Amazon has confirmed the breach, stating that a third-party property management vendor was compromised, affecting employee work contact information. The company asserts that its core systems remain secure and that no sensitive personal data, such as Social Security numbers or financial information, was exposed.

As organizations deal with the consequences of this significant data leak, the incident highlights the essential need for timely security patching and strong cybersecurity measures in an increasingly interconnected digital landscape.

The full extent of the breach’s impact is still unfolding, and more revelations may follow soon.
