Security Advisory: MOVEit Data Breach

RGSA 12-21-2023-01

Date: December 21, 2023

INTRODUCTION

In May 2023, the Cl0p ransomware group started exploiting a newly discovered vulnerability in Progress Software’s MOVEit Transfer, a tool for enterprise file transfer. Although Progress swiftly released a fix, the impact was already significant. This extensive cyberattack by Cl0p targeted a wide range of sectors globally, affecting entities such as the public school system in New York City and a UK-based company providing HR and payroll services to clients like British Airways and the BBC.

Over 2,000 organizations have reported being attacked, with data thefts affecting more than 62 million people.

FALLOUT OF THE INCIDENT

With such a large exposure, many people have begun to receive notices that their personal information was compromised as part of this breach. Many of the organizations that people entrust their data to, like accounting firms and wealth management companies, were affected by this breach. Companies affected by this breach have a legal obligation in Canada to notify their customers if they believe those customers' personal information has been breached.

Companies that notify their customers of the breach often offer one to two years of credit monitoring and identity protection services at no cost.

Richter recommends that victims receiving these notices enroll in the free credit monitoring and identity protection services provided.

IMPLICATIONS

The diagram on the right illustrates how hackers use your personal information to carry out attacks. Credit monitoring and identity protection services can assist with identity theft and financial fraud implications; however, this protection is insufficient.

Hackers can still use your personal information to conduct blackmail and ransom operations. They can impersonate you online and wreak havoc on your social reputation. They can use it to mount very sophisticated phishing attacks.

SOLUTION

Richter Guardian is a state-of-the-art service that leverages AI to protect your digital life. Our service gives exclusive access to commercial-grade protection unavailable in the consumer market.

By protecting your online presence, Richter Guardian will defend you from impersonations, inadvertent leakage of critical data and, worse, any compromise to your digital safety. By protecting your devices, Richter Guardian will thwart sophisticated phishing and other technical attacks. You can rest assured that our seasoned cybersecurity professionals are there for you to address any of your cybersecurity concerns.
