In the latest cybersecurity news development, the number of MOVEit victims count has crossed 2,120 organizations and 62,054,613 individuals. The staggering increase in number is unlikely to have happened in any past cyber attacks. Clop ransomware group exploited a zero-day vulnerability in MOVEit File Transfer software which allowed the hacker to breach its clients and their clients. The MOVEit breach statistics are based on state breach alerts, public disclosures by organizations, and SEC filings.
Although the figure shows over 2000 organizations being targeted in the MOVEit breach statistics, the actual number is likely to be higher because not all organizations and individuals have come forward with data breach confirmation.
MOVEit Breach Statistics
An Emsisoft blog highlighted the list of organizations that witnessed the highest number of individuals and their data being compromised. Maximus was on top with 11 million individuals affected, in the MOVEit breach statistics.
Louisiana Office of Motor Vehicle cyber attack through MOVEit vulnerability had 6 million individual’s data compromised. This was followed by Alogent, Colorado Department of Health Care Policy and Financing, and Oregon Department of Transportation.
BORN Ontario, which collects records related to pregnancy from a network of Ontario health care confirmed having suffered a cybersecurity breach. They also were among the MOVEit cyber attack victims.
Among other data, lab results, pregnancy risk, birth type, and care details are expected to have been accessed by hackers. Over 3.4 million patient records are said to have been exposed.
MOVEit Cyber Attack
The MOVEit cyber attack that was detected by the firm in May continues to be used by its hackers to breach organizations across industries and nations. It was an unnamed zero-day vulnerability when found and was later offered updates.
Through the MOVEit ransomware attack, the schools using the services of the National Student Clearinghouse and Teachers Insurance and Annuity Association of America were also breached by the one cybercriminal group, Clop.
US-based organizations have been among the most affected amounting to 88.8% of all victims of MOVEit data breach. National Student Clearinghouse updated that nearly 900 schools were affected adding to the MOVEit victim statistics.
The province of Nova Scotia which was also impacted by the MOVEit global cybersecurity breach had to send over 165,000 letters to update the affected people. The province incurred a cost of over $2 million for credit monitoring signed up by over 29,000 people.
Lawsuits Due to the MOVEit Impact
There have been cases of organizations being charged with inadequate cybersecurity measures that led data to being exposed as they used the MOVEit File transfer service. In a recent update, CareSource a user of MOVEit was sued for $9.9 million by its clients whose data was exposed.
CaseSource, an insurance company had a class action lawsuit filed against it by plaintiffs that accused it of the data leak of over 3 million customers.
Clop ransomware group that hacked MOVEit has opted for similar file transfer breach tactic to get their hands on hundreds of connected clients. However, the MOVEit toll has reached a high number in the past months leading to speculations over the ransom they likely extracted, data leaked on their website and class action lawsuits slapped on organizations.
This further draws attention to the need to update systems which takes no more than minutes in most cases. Users need to keep their devices up-to-date, free from legacy software and equipped with phishing and malware detection tools.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
