Date: 2023-07-28

The companies you trust your data with aren’t the only ones who handle it. Vendors, subcontractors, advertisers and other companies are often in the mix. And when one falls down on the job, everyone is screwed.

That’s precisely what happened when bad guys took advantage of a security flaw in the super-popular MOVEit file transfer system. One estimate puts the total number of victims at 513 organizations and 34,682,156 individuals. Yes, you read that number right.

Wondering if you’ve been impacted and what to do? Keep reading.

MOVEit and lose it

Thousands of organizations worldwide use Progress Software’s MOVEit to encrypt and send files. The hack has impacted over 500 organizations. So far, at least 33 data breach disclosures have affected over 34.5 million people. Yeah, you’re probably one of them.

Who’s behind it?

A Russian-speaking (and likely Russian-based) hacking organization known as Cl0p. They snuck into MOVEit through a flaw Progress Software didn’t know existed. Progress didn’t take long to patch the vulnerability, but not every client updated.

Cl0p pounced and launched ransomware attacks, taking files from companies that hadn’t yet fixed the flaw. Officials are still investigating just how deep this goes.

The hit list

Criminals got their hands on data from a ton of big-name organizations and government agencies. Here’s who’s been impacted by the MOVEit ransomware attack so far:

U.S. Department of Energy

Shell

First National Bankers Bank

First Merchants Bank

Putnam Investments

Datasite

OKK

Leggett & Platt

PricewaterhouseCoopers (PwC)

Ernst & Young

Health Services Ireland

BBC

British Airways

Boots Retail

Medibank

Rochester Hospital

GreenShield Canada

National Student Clearinghouse

United Healthcare Student Resources

University System of Georgia

Heidelberg

Aer Lingus

Government of Nova Scotia

Johns Hopkins University

Ofcom

Transport for London (TfL)

Cambridgeshire County Council

Gen Digital (parent company of Avast, Norton, and LifeLock)

New York City Department of Education

Siemens Energy

Schneider Electric

Dublin Airport

Madison College

Proskauer

City National Bank

Teachers Insurance and Annuity Association of America (TIAA)

Telos

Rage against the breach

This is a huge cause for concern, given how many companies relied on this software. Luckily, there are steps you can take ASAP to help protect your most private information:

Change your passwords and PINs. No brainer. Don’t reuse any passwords, please!

Add a fraud alert to your credit report. This flags you as a potential victim of fraud to anyone processing a credit application. You only need to contact one of the three credit bureaus.

Watch financial accounts. Monitor your accounts daily to check for anything out of the ordinary. It’s worth setting up alerts with your bank and credit cards to notify you of suspicious activity.

Check your credit. You get one freebie a year.

Companies are legally obligated to tell you if a data breach has impacted you, so be on the lookout via email and snail mail. But beware of phishing emails where criminals piggyback on data breaches like this and send messages claiming to have vital information to trick you into clicking a malicious link.

