Nearly 1,000 organizations and 60 million individuals are reportedly impacted by the recent MOVEit campaign conducted by the Russian-speaking Cl0p ransomware group.
It’s worth noting that these numbers include both directly and indirectly impacted entities. For instance, several organizations and millions of people had their information compromised through PBI, which provides research services for the pension and financial sectors.
As of August 24, cybersecurity firm Emsisoft was aware of 988 victims and roughly 59,200,000 individuals.
The list of organizations that may have exposed the information of more than one million individuals includes Maximus, Pôle Emploi, Louisiana Office of Motor Vehicles, Colorado Department of Health Care Policy and Financing, Oregon Department of Transportation, Teachers Insurance and Annuity Association of America, Genworth, PH Tech, Milliman Solutions, and Wilton Reassurance Company.
The number of impacted organizations is also confirmed by Resecurity, which on August 23 reported being aware of 963 public and private sector organizations worldwide hit by the MOVEit hack.
Cl0p, which is estimated to earn as much as $100 million as a result of this campaign, has started leaking the data of victims that have refused to pay up.
On August 14 and 15, the cybercriminals leaked nearly 1 Tb of information allegedly stolen from 16 of the victims, Resecurity said. These victims include UCLA, Siemens Energy, Cognizant, and cybersecurity firms Norton LifeLock and Netscout.
The data was leaked through surface web torrents, making it easier for anyone to obtain the stolen files.
Both Emsisoft and Resecurity said more than 80% of the affected organizations are in the United States.
The MOVEit campaign involved exploitation of CVE-2023-34362, a critical SQL injection vulnerability in the MOVEit Transfer managed file transfer (MFT) software that can be exploited by an unauthenticated attacker to access files transferred through the product.