10/02/2023

The Biggest Hack of 2023 Keeps Growing

Additional MOVEit breach victims continue to come forward

In a field of shocking, opportunistic espionage campaigns and high-profile digital attacks on popular businesses, the biggest hack of 2023 isn’t a single incident, but a juggernaut of related attacks that keeps adding victims to its score. In the coming months, more people, as many as tens of millions, could find out that their sensitive information has been compromised. But more still will likely never learn of the situation or its impact on them.

Since May, mass exploitation of a vulnerability in the widely-used file transfer software MOVEit has allowed cybercriminals to steal data from a dizzying array of businesses and governments, including Shell, British Airways, and the United States Department of Energy. Progress Software, which owns MOVEit, patched the flaw at the end of May, and broad adoption of the fix ultimately halted the rampage. But the “Clop” data extortion gang had already orchestrated a far-reaching smash and grab. And months later, the full extent of the damage is still coming into view.

Last week, Ontario’s government birth registry, BORN Ontario, said that it suffered a MOVEit-related attack earlier this year in which hackers stole sensitive personal data from 3.4 million people, including 2 million babies as well as expectant parents and those seeking fertility care. The compromised health data dates from January 2010 to May 2023. While organizations like BORN continue to disclose a slow trickle of MOVEit incidents, researchers say that the number of suspected attacks—and the total number of people whose data has already been stolen in these incidents—far exceeds what has come to light.

Please select this link to read the complete article from WIRED.