×

Irish Information Security Forum

MOVEit global data breach impacts companies in Ireland

Sources:  Progress, Microsoft, RTE, Silicon Republic, Techcrunch

 

Ransomware gang Clop, claimed responsibility for a cyber attack on data transfer service MOVEit, has issued a threat to all those affected by the breach. The attack on MOVEit directly led to a data breach affecting UK payroll services provider Zellis, who  uses MOVEit as a third-party provider.

Zellis Data Breach

"A large number of companies around the world have been affected by a zero-day vulnerability in Progress Software's MOVEit Transfer product. We can confirm that a number of our customers have been impacted by this global issue and we are actively working to support them. Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring. We have also notified the ICO, DPC, and the NCSC in both the UK and Ireland."

 

Aer Lingus,  confirmed that they are one of the companies affected by the Zellis breach through the MOVEit compromise. Other big brands include Boots, British Airways and the BBC.

 

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site.

 

The Clop team claimed responsibility and that they had stolen data from "hundreds of companies" and would begin publishing organizations' stolen data on June 14th if a ransom is not paid. 

 

 

Progress MOVEit critical Vulnerability

Progress,
the company behind MOVEit Transfer and MOVEit services stated:  "We have discovered a vulnerability in MOVEit Transfer and MOVEit Cloud that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your environment. At Progress, security is always a top priority and we have taken actions to mitigate the issue. We do, however, recommend that customers conduct their own due diligence.

 

Read The full technical Disclosure
MOVEit Transfer Critical vulnerability







IISF Logo

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

 


Forum SPONSORS 

Invitations for Annual Sponsorship of IISF has now reopened.

Sponsorship of IISF Opportunity
(your logo & profile link here)

 

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more

 

secured by edgescan digital security radar logo

© iiSf. All rights reserved. CRN: 3400036GH  - Privacy  - Sponsorship  - Cybersecurity News Index  - Cybersecurity Resources  - X  - Produced by
LinkedIn Twitter