Security News > 2023 > June > Hackers steal data of 45,000 New York City students in MOVEit breach
The New York City Department of Education says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
The Clop ransomware gang has claimed responsibility for the CVE-2023-34362 MOVEit Transfer attacks on June 5 in a statement shared with BleepingComputer, with the cybercrime gang saying it breached the MOVEit servers of "Hundreds of companies."
The Clop gang began extorting organizations affected by the MOVEit data theft attacks almost two weeks ago, on June 15, by publicly listing their names on Clop's dark web data leak site.
Progress warned MOVEit Transfer customers last week to restrict HTTP access to their servers after info on a new SQL injection security flaw was published online.
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach.
MOVEIt breach impacts Genworth, CalPERS as data for 3.2 million exposed.
News URL
Related news
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Russian hackers use RDP proxies to steal data in MiTM attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-02 | CVE-2023-34362 | SQL Injection vulnerability in Progress Moveit Cloud and Moveit Transfer In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. | 9.8 |