The high-profile hack of MOVEit Transfer still reminds us of itself with sudden information security discoveries.
A year after a high-profile cyber attack by the Clop group, during which hundreds of companies were compromised with confidential data, the University system of Georgia (USG), which unites 26 public colleges and universities in the United States, unexpectedly discovered that it was also hacked at that time.
Recall that a year ago, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit Transfer file transfer system of Progress Software, which made it possible to steal data on a global level. Now, with the help of the FBI and CISA, the USG has established that the group stole sensitive files from their system, too. The organization started sending notifications to affected individuals on April 15 this year.
Among the stolen information were full or partial social security numbers, dates of birth, bank account numbers, and federal tax documents with tax identification numbers.
As it became known from the official notification sent to the state of Maine, the data of about 800,000 people was compromised during the attack. This number significantly exceeds the number of students studying at USG universities, which indicates that the leak also extends to former students, academic staff and other employees.
In response to the incident, USG offered victims 12 months of identity protection and fraud detection services through Experian. However, it is unlikely that after a full year, these services will be relevant for those affected.
The Clop attack on MOVEit Transfer turned out to be one of the most successful ransomware operations in recent years. Even a year after the attack, organizations still continue to detect and disclose data breaches, which only highlights the long-term consequences of such incidents.
A year after a high-profile cyber attack by the Clop group, during which hundreds of companies were compromised with confidential data, the University system of Georgia (USG), which unites 26 public colleges and universities in the United States, unexpectedly discovered that it was also hacked at that time.
Recall that a year ago, the Clop ransomware gang exploited a zero-day vulnerability in the MOVEit Transfer file transfer system of Progress Software, which made it possible to steal data on a global level. Now, with the help of the FBI and CISA, the USG has established that the group stole sensitive files from their system, too. The organization started sending notifications to affected individuals on April 15 this year.
Among the stolen information were full or partial social security numbers, dates of birth, bank account numbers, and federal tax documents with tax identification numbers.
As it became known from the official notification sent to the state of Maine, the data of about 800,000 people was compromised during the attack. This number significantly exceeds the number of students studying at USG universities, which indicates that the leak also extends to former students, academic staff and other employees.
In response to the incident, USG offered victims 12 months of identity protection and fraud detection services through Experian. However, it is unlikely that after a full year, these services will be relevant for those affected.
The Clop attack on MOVEit Transfer turned out to be one of the most successful ransomware operations in recent years. Even a year after the attack, organizations still continue to detect and disclose data breaches, which only highlights the long-term consequences of such incidents.
