Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million.

The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are finance and professional services and education, which account for 13.8 percent and 51.1 percent of incidents respectively,” Emsisoft researchers have shared on Monday.

IT market research company KonBriefing Research shows similar numbers, and links to data breach notification alerts by many of the companies.

Latest victims

Among the latest victims is the Better Outcomes Registry & Network (BORN), an Ontario-based perinatal, newborn and child registry, which in late May published a breach notice about the cybersecurity incident linked to the MOVEit vulnerability, and notified the authorities, including the Ontario Provincial Police and the Information and Privacy Commissioner (IPC) of Ontario.

“An in-depth analysis revealed that the files copied during the breach contained personal health information of approximately 3.4 million people – mostly those seeking pregnancy care and newborns who were born in Ontario between January 2010 and May 2023,” the institution recently stated.

The company said that threat actors may have stolen data such as name, address, postal code, date of birth, health card number (with no version code), but not banking or financial information.

The provincial government of the Canadian province of Nova Scotia had to send more than 165,000 notification letters to people who’s sensitive personal data (social insurance numbers, banking information) was stolen as a result of the breach.

The Oregon Department of Transportation confirmed in their breach notice that personal information of approximately 3.5 million Oregonians has been accessed.

As we reported on Monday, the US educational non-profit organization National Student Clearinghouse was also hit and, consequently, data belonging to nearly 900 schools and their students has been compromised.

MOVEit hack victim number still rising

Cl0p has been naming MOVEit hack victims on their leak site for months.

The ransomware/cyber extortion gang exploited an SQL injection vulnerability (CVE-2023-34362) in the popular MOVEit file transfer solution to compromise thousands of exposed installations and access the underlying databases.

Since the platform is used many government and financial institutions as well as private and public organizations, it is hard to tell how many of them have been impacted in total.

“Some of the organizations impacted provide services to multiple other organizations, and so the numbers (…) are likely to increase significantly as those organizations start to file notifications,” said Emsisoft’s Zach Simas.

“It should be noted that there will invariably be some overlap in terms of individuals impacted. Some organizations had MOVEit exposure via multiple vendors, which means the customers of those organizations will likely have had multiple exposures too.”