MOVEit body count closes in on 400 orgs, 20M+ individuals
2023-07-20 21:01

As of today, the number of affected organizations is closing in on 400 and includes some really big names: the US Department of Energy and other federal agencies, as well as huge corporations like energy company Shell, Deutsche Bank, consulting and business services firm PwC, and retail giant TJX Companies, which confirmed to The Register on Wednesday that "Some files were downloaded by an unauthorized third party before Progress notified us of the vulnerability."

As the infosec team notes, some of the companies whose MOVEit installations were breached provide services to many other organizations.

Case in point: Clop exploited a deployment of MOVEit used by payroll services provider Zellis, whose customers include British Airways, the BBC, and the Boots pharmacy chain in the UK, among others. As a result, these companies all saw their employees' records stolen by the Russian gang via the software flaw.

Progress Software declined to comment on how many organizations have been affected by the MOVEit bugs.

Despite the growing victim count, vulnerable orgs are doing a decent job at remediating MOVEit bugs, according to cybersecurity ratings company Bitsight.

"Whether or not it be attacks like this MOVEit Transfer example, or even past high-impact intrusions like the Kaseya VSA ransomware incident or SolarWinds exploitation, all of these attacks have a certain supply chain aspect that absolutely expands the potential number of victims, bleeding into downstream organizations and the provider/customer relationship," Hammond told The Register.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/20/moveit_victim_count/