Security News > 2023 > June > Hackers steal data of 45,000 New York City students in MOVEit breach
The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of "Hundreds of companies."
The Clop gang began extorting organizations affected by the MOVEit data theft attacks almost two weeks ago, on June 15, by publicly listing their names on Clop's dark web data leak site.
Progress warned MOVEit Transfer customers last week to restrict HTTP access to their servers after info on a new SQL injection security flaw was published online.
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach.
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed.
News URL
Related news
- Ukraine says hackers abuse SyncThing data sync tool to steal data (source)
- Ukraine says hackers abuse SyncThing tool to steal data (source)
- Life360 says hacker tried to extort them after Tile data breach (source)
- New York Times warns freelancers of GitHub repo data breach (source)
- Hackers use F5 BIG-IP malware to stealthily steal data for years (source)
- Hackers target new MOVEit Transfer critical auth bypass bug (source)
- City of Philadelphia says over 35,000 hit in May 2023 breach (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |