MOVEit Hack: Over 600 Organizations Impacted, Millions of People

The 2023 MOVEit hack was one of the largest data breaches in recent history. The Clop ransomware and extortion gang orchestrated the hack by exploiting a critical-rated vulnerability in Progress Software's MOVEit file-transfer software. The attack affected over 600 organizations globally, including Shell, British Airways, and the United States Department of Energy. The compromised data included contact information, dates of birth, Social Security numbers, retirement plan information, medical records, billing data, and banking information. The full extent of the damage is still being assessed, with more victims expected to come forward in the coming months.

The hackers exploited an SQL injection vulnerability in the MOVEit Transfer web application. This allowed them to gain insights into the database structure and content and execute SQL statements to delete data from the database on vulnerable systems.

The fallout from the hack has been significant. Victims continue to come forward, with more than 1,000 known victims of the MOVEit breach as of August 25, 2023. The number of affected individuals has surpassed 60 million. U.S.-based organizations account for 83.9% of known MOVEit corporate victims.

The hack has also resulted in multiple class-action lawsuits being filed against Progress Software. In response, Progress Software has released patches for two more critical-rated vulnerabilities that are being exploited by attackers.

The full extent of the attack is still unknown. Researchers say that the number of suspected attacks and the total number of people whose data has already been stolen in these incidents far exceeds what has been disclosed.

The 2023 MOVEit hack is a stark reminder of how vulnerable our data can be. It highlights the importance of software supply chain security and the need for organizations to take proactive measures to protect their sensitive information.

Newman, L.H., Burgess, M., “The Biggest Hack of 2023 KeepsGetting Bigger”, Wired, Oct 2nd, 2023.

“Progress, the company behind MOVEit, patches new activelyexploited security flaws”, Yahoo!, Oct 2nd, 2023.

Perez, S., “MOVEit, the biggest hack of the year, by thenumbers”, TechCrunch, Aug 25th, 2023.

“Hagens Berman: Multiple Class-Action Lawsuits Filed After2023 MOVEit Data Breach Affecting More Than 40 Million People”,Morningstar.com, Aug 16th, 2023.

“We like to MOVEit: A wake-up call for cybersecurity”, TechWire Asia, Jun 23rd, 2023.