MOVEit Exploit Continues, Clop Ransomware Threatens to Leak Ameritrade, EY Data

Ameritrade has allegedly fallen victim to recent cyber attacks targeting the MOVEit file transfer application. The Clop ransomware group has claimed responsibility for the cyber assault and threatened to leak the data compromised post the cyber attacks on Ameritrade and EY.com on Monday, presumably July 10. 

The alarming scale of the MOVEit vulnerability exploitation became more aggressive, with two major corporations being added to the victim list.

Threat analysts Dominic Alvieri and Brett Callow shared the post on Clop ransomware gang’s claim of launching cyber attacks on Ameritrade and EY.com. The group is threatening to release the data soon.

According to Callow, the total number of MOVEit vulnerability victims has risen to 214, impacting 17,589,273 individuals.

Clop claims cyber attacks on Ameritrade and EY.com

To confirm the alleged Ameritrade cyber attack, The Cyber Express reached out to the company. We are yet to receive a response.

The threat actor’s post, which was widely shared, explicitly listed EY.com along with a threat to release the data. The mention of 3TB of data being exposed raises severe concerns about the extent of the breach and the potential damage it could cause.

In a bid to capitalize on their illicit activities, the threat actor openly invited interested parties to contact them via email, hinting at the possibility of selling not just EY.com data but also data from other compromised companies.

Adding to the distressing narrative, TD Ameritrade is ensnared in the same cyber attack series.

In a post shared by the Clop ransomware gang, they declared their intent to publish a compressed 260GB data set from Ameritrade. The post also reveals that negotiations with Ameritrade for a resolution had stalled due to a low offer. 

Exploiting MOVEit vulnerability at large

The MOVEit vulnerability has cast a wide net, attaching itself to multiple companies. Recently, Shell confirmed the cyber attack and acknowledged breach in the recent series of MOVEit cyber attacks. 

In a statement released on Wednesday, Shell expressed its efforts to contact affected parties while acknowledging that some personal information had been compromised.

Notably, Shell clarified that this incident was not a ransomware attack and reassured that no other IT systems within the organization had been impacted.

Furthermore, on June 29, 2023, Middlebury College issued an “Information Security Notice” concerning the recent data breach incidents.

The College disclosed that two of its vendors, the Teachers Insurance and Annuity Association (TIAA) and the National Student Clearinghouse (NSC), had utilized the vulnerable MOVEit software. 

Consequently, confidential information belonging to Middlebury students, staff, and faculty members may have been exposed to unauthorized access.

While Middlebury College does not employ MOVEit, it shared student and employee information with the vendors, resulting in an unfortunate breach.

TIAA and NSC are conducting their investigations and will soon initiate data breach notification processes for all affected individuals.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.