Major Corporations Hit by Data Breach Linked to MOVEit Vulnerability

Learn about the critical importance of patch management and how vulnerabilities in widely-used tools like MOVEit can lead to massive data breaches, creating opportunities for CloudGuard solutions to secure sensitive data.

 

A significant data breach linked to a vulnerability in the MOVEit file transfer tool has exposed personal data of hundreds of thousands of employees at major corporations such as Xerox, Nokia, Bank of America, and Morgan Stanley. The vulnerability, exploited by the Cl0p ransomware group since May 2023, led to sensitive employee details, including names, phone numbers, email addresses, and job-related information, being leaked on a cybercrime forum. The incident underscores the severe risks posed by unpatched vulnerabilities and the potential for social engineering attacks targeting the affected organizations.

 

Key Facts

Risks:

Sensitive Data, Patch Management, Third-Party Vendor/SaaS

Keywords:

MOVEit vulnerability, data breach, Cl0p ransomware, employee data leak, CVE-2023-34362, Xerox, Nokia, Bank of America, Morgan Stanley

CVE:

CVE-2023-34362

Affected:

Xerox, Nokia, Koch, Bank of America, Morgan Stanley, Amazon, Bridgewater, JLL

 

Article Body

Massive Data Breach Linked to MOVEit Vulnerability

In a significant data breach linked to last year's MOVEit vulnerability, personal data of employees from several major corporations has been leaked online. Companies affected include Xerox, Nokia, Koch Industries, Bank of America, Morgan Stanley, and others. The breach is connected to a vulnerability in Progress Software's MOVEit file transfer tool, which has been exploited by the Cl0p ransomware group since May 2023.

Details of the Data Breach

The breach exposed sensitive information of hundreds of thousands of employees, such as names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames. This data was leaked by an entity known as "Nam3L3ss" on a cybercrime forum, making it a potential goldmine for social engineering attacks.

Companies Affected

The leaked data includes details of more than 760,000 employees from the following companies:

- Xerox: 42,735 employees
- Koch Industries: 237,487 employees
- Nokia: 94,253 employees
- Bank of America: 288,297 employees
- Morgan Stanley: 32,861 employees
- Bridgewater: 2,141 employees
- JLL: 62,349 employees

These companies were listed on BreachForums as part of the ongoing data dumps by the malicious actors.

Technical Details of the MOVEit Vulnerability

The vulnerability in question is a critical remote code execution (RCE) flaw in MOVEit Transfer, identified as CVE-2023-34362. Disclosed on May 31, 2023, this vulnerability allows an unauthenticated attacker to gain unauthorized access to the MOVEit database, infer information about the database structure and contents, and execute SQL statements that could alter or delete database elements.

Timeline of the Vulnerability Disclosure

Implications for Organizations

This breach highlights the critical importance of patch management and the potential risks of unpatched vulnerabilities. Organizations using MOVEit Transfer must ensure that they apply the latest security patches to protect their data and prevent unauthorized access. The exposed data poses significant risks for social engineering attacks, emphasizing the need for robust cybersecurity measures.

 

Read More

https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/