MOVEit data breach: Is your info safe?

July 27, 2023

By Kim Komando

The companies you trust your data with aren’t the only ones who handle it. Vendors, subcontractors, advertisers and other companies are often in the mix. And when one falls down on the job, everyone is screwed.

That’s precisely what happened when bad guys took advantage of a security flaw in the super-popular MOVEit file transfer system. One estimate puts the total number of victims at 513 organizations and 34,682,156 individuals. Yes, you read that number right.

Wondering if you’ve been impacted and what to do? Keep reading.

MOVEit and lose it

Thousands of organizations worldwide use Progress Software’s MOVEit to encrypt and send files. The hack has impacted over 500 organizations. So far, at least 33 data breach disclosures have affected over 34.5 million people. Yeah, you’re probably one of them.

Who’s behind it?

A Russian-speaking (and likely Russian-based) hacking organization known as Cl0p. They snuck into MOVEit through a flaw Progress Software didn’t know existed. Progress didn’t take long to patch the vulnerability, but not every client updated. 

Cl0p pounced and launched ransomware attacks, taking files from companies that hadn’t yet fixed the flaw. Officials are still investigating just how deep this goes.

The hit list

Criminals got their hands on data from a ton of big-name organizations and government agencies. Think:

Here’s who’s been impacted by the MOVEit ransomware attack so far:

Rage against the breach

This is a huge cause for concern, given how many companies relied on this software. Luckily, there are steps you can take ASAP to help protect your most private information:

Companies are legally obligated to tell you if a data breach has impacted you, so be on the lookout via email and snail mail. But beware of phishing emails where criminals piggyback on data breaches like this and send messages claiming to have vital information to trick you into clicking a malicious link.

RELATED: How to spot and avoid falling victim to phishing emails.

https://www.komando.com/tips/cybersecurity/moveit-data-breach/