Around 2,620 organizations and 77.2 million people have been affected by the hack of file transfer service MOVEit since May this year, according to a New Zealand-based cybersecurity firm. Msisoft. Russia-linked ransomware group Clop claimed responsibility for his June 6 attack.
US-based organizations are the most affected, with 78.1% of affected organizations belonging to the US. According to Emsisoft, Canada accounted for 14% of affected organizations, followed by Germany at 1.4% and the UK at 0.8%.
Most of the affected organizations are in the education sector, with 40.6% in this sector, followed by healthcare (19.2%) and financial and professional services (12.1%). Emsisoft’s findings are based on public information, SEC filings, national violation notices, and data from Clop’s website.
The severity of the cyberattack can be gauged by the fact that it affected customer records of antivirus giant GenDigital, the parent company of Norton and Avast.
Avast revealed It is said that some of the customers’ “low-risk customer personal information” was leaked. According to Emsisoft’s report, the MOVEit incident affected the data of Avast’s 3 million individual customers.
MOVEit has impacted not only government agencies but also some prominent companies. Louisiana Maximus Motor Vehicles Authority, Colorado Department of Health Policy and Finance Arrogant, U.S. Department of Energy Welltok, Shell Oil, British Airways, Maine Genworth, and Oregon Department of Transportation are other organizations affected. Due to the MOVEit incident.
Progress Software issued a patch for the vulnerability on May 31st, followed by second and third patches on June 9th and June 15th, respectively.
Growing security threats
MOVEit has emerged as a major security incident with long-term implications for affected companies and their customers. Focuses on the challenges organizations face when protecting their data.
Due to this security incident, Progress Software Corporation, the owner of the MOVEit platform, is currently under investigation by the US Securities and Exchange Commission (SEC). It also faces a class action lawsuit brought by consumer rights law firm Hagens Berman. Several affected organizations and people are seeking compensation.
As the frequency and intensity of cyberattacks and data breaches continue to increase every year across all regions, it is becoming increasingly difficult for businesses to protect their data.according to Recent IBM Reports, the average cost of a data breach hit an all-time high of $4.45 million in 2023, a 2.3% increase from 2022. Additionally, IBM reports that the average cost per record involved in a data breach is $165. 2023.
Another thing that became clear from the MOVEit incident is that given that some of the affected organizations were not direct users of MOVEit, organizations must focus their efforts on ensuring supply chain safety in addition to internal security. It means you have to.