Cl0p’s MOVEit Cyber Attack Impacts 513 Organizations, Over 30 Million Victims

Jul 27, 2023

The MOVEit cyber attack by the Cl0p ransomware group has claimed 513 organizations to date, affecting a staggering 34,682,156 individuals, analysts reported.

U.S. government services contracting business Maximus became the latest to confirm being affected by the MOVEit Transfer vulnerability.

In an SEC disclosure, the company conceded that threat actors have accessed the protected health information of as many as 11 million individuals.

The company engages in partnerships with federal, state, and local governments to oversee and execute government-sponsored programs, including but not limited to Medicaid, Medicare, healthcare reform initiatives, and welfare-to-work programs.

Threat intelligence experts have been closely monitoring the impact of the MOVEit file transfer vulnerability CVE-2023-34362.

However, the true number of victims from the MOVEit cyber attack is suspected to be much higher, as several organizations are still in the process of confirming the total number of people affected.

Cyber attacks linked to MOVEit data breach

MOVEit MFT (Managed File Transfer) software has clients across the globe in various sectors, including financial organizations and educational institutions.

The MOVEit vulnerability, which was named on 2 June 2023, was exploited by the Cl0p ransomware group.

The ransomware group gained access to the data of clients who were using MOVEit services. They also infiltrated the systems of other third-party vendors associated with various organizations through the MOVEit platform.

Several educational institutions that used services offered by the National Student Clearinghouse (NSC) and Teachers Insurance and Annuity Association (TIAA) were also breached through MOVEit.

These third-party vendors offered educational research and pension-related services to educational institutions, with MOVEit as their file transfer platform.

Notice by the University of Oklahoma (Photo: Brett Callow/ Twitter)

The U.S. Department of Education requires nearly 3,600 educational institutions in the United States to use NSC and TIAA. These third-party vendors were impacted due to the MOVEit vulnerability.

Current number of MOVEit cyber attack victims

According to a report published by the Emsisoft blog, nearly 109 schools in the United States have been impacted by the MOVEit cyber attack.

Of the 513 organizations targeted, 23 belong to the U.S. public sector and 31 to the international public sector.

By country, 72.7% of known victims of the MOVEit vulnerability exploitation were U.S. organizations, while 6.6% were Germany-based organizations.

The United Kingdom and Canada each accounted for 3.9% of known victims. The sectors most affected by the MOVEit file transfer cyber attack were finance, professional services, and education.

Recent MOVEit cyber attack victims

Maximus confirmed being impacted by the MOVEit cyber attack in a Form 8-K filing at the SEC. Maximus confirmed the compromise of its data, including Social Security numbers (SSNs) and protected health information (PHI).

“At present, there is no indication that the incident has had any impact on the internal information technology systems of the Company or its customers beyond the MOVEit environment,” it said.

The Form 8-K serves as a comprehensive document utilized to inform investors in U.S. public companies about specific events that could hold significance for shareholders or the United States Securities and Exchange Commission (SEC).

Listed companies in the US usually use Form 8-K to disclose their cybersecurity incidents.

According to the new rules announced on Wednesday, listed US companies have to disclose, within four days, any cybersecurity breaches that could impact their financial standing.

SSNs and PHI of 8 to 11 million customers of Maximus were likely exposed due to the MOVEit exploitation. The tweet further stated that the cost to the company due to the Maximus cyber attack is expected to reach $15 million.

Details about the MOVEit cyber attack

CVE-2023-34362 was an SQL injection vulnerability that could allow unauthenticated users to access the MOVEit Transfer database.

The hackers could gain information about the structure and content of the database. They could also execute code to alter or delete database elements.

In the second week of July, the MOVEit attack had impacted 299 organizations, affecting 18,154,787 individuals. By July 18, the number of affected individuals had risen to 19,879,769.

As of July 21, the numbers further increased to 20,421,414, with only 66 disclosures made.

Notably, 384 organizations were still in the process of confirming the number of individuals impacted. Among them were 70 schools, 20 public sector organizations, and 31 international public sector organizations.
