MOVEit victim count latest: 2.6K+ orgs hit, 77M+ people's data stolen

Trending 2 weeks ago

Quick appearance of hands: whose abstracts hasn't been baseborn in the accumulation corruption of Progress Software's accessible MOVEit book alteration application? Anyone?

According to aegis boutique Emsisoft, 2,620 organizations and added than 77 actor individuals accept been impacted to date, with millions in the accomplished anniversary abandoned accept accustomed notifications that their advice was either accessed, leaked, or both afterwards the Russian ransomware assemblage Clop exploited a security aperture in MOVEit aback in May to abduct files from compromised instances.

Embarrassingly antivirus biz Avast is amid these new-ish victims, which afresh appear the crooks accessed some "low-risk chump claimed information." 

"We booty this actively and are advice impacted barter and alms aphotic web ecology casework chargeless of charge," the developer xeeted on October 25. 

That chargeless dark-web ecology acceptable came in accessible to the 3 actor barter whose advice has reportedly been leaked on a hacking forum.

According to the UK's Times, the advice acquaint "is primarily bound to name and/or acquaintance information, as able-bodied as advice on the artefact you purchased from us. No cyberbanking details, acclaim agenda numbers or high-risk abstracts such as login advice or anniversary capacity were taken." 

An Avast agent beneath to acknowledgment specific questions about the breach, admitting beatific The Register the afterward statement:

Not one to let an befalling to up-sell blooper by, the org recommended that afflicted barter additionally pay for an added aegis service. As expected, users aren't too blessed with Avast's "shameless business tactics" and took to a web forum to articulation their complaints.

"I accustomed an email today about Avast chump abstracts actuality leaked on the aphotic web. In the email, Avast recommends signing up for an added paid service," one user noted. 

According to addition customer:

It appears the old adage that one person's aperture is another's business befalling rings true.

Millions added patients' abstracts stolen

In added MOVEit news, Welltok, which provides accommodating advice casework for healthcare providers above the US, has been active advice patients that their allegedly clandestine healthcare abstracts absolutely isn't.

The Virgin Pulse-owned aggregation has beatific notification belletrist to added than 1.6 actor patients alerting them that their names, addresses, dates of birth, and bloom advice may accept been baseborn by miscreants abusing MOVEit, according to a November 18 filing with the Maine Attorney General's office.

Specifically, this advice belonged to bodies with accumulation bloom affairs from Stanford Health Care, Stanford Health Care, Lucile Packard Children's Hospital Stanford, Stanford Health Care Tri-Valley, Stanford Medicine Partners, and Packard Children's Health Alliance.

Welltok did not anon acknowledge to The Register's appeal for comment.

In a letter beatific to those afflicted patients, Welltok says it aboriginal abstruse that its MOVEit instance had been compromised aback in July, afterwards it had "previously installed all appear patches and aegis upgrades anon aloft such patches actuality fabricated accessible by Progress Software." [PDF]

Things basically got worse from there on out.

By August, it bent abyss had, in fact, managed to "exfiltrate assertive data," and in October Welltok began advice Sutter Health patients that their claimed advice may accept been accessed. 

Sutter provides bloom affliction to added than three actor people in arctic California.

  • MOVEit cybercriminals ascertain beginning zero-day to accomplishment on-prem SysAid hosts
  • Royal Mail cybersecurity still a bit of a mess, infosec bods claim
  • Regulator, insurers and barter all advancing for Progress afterwards MOVEit breach
  • Security advisers accept accumulation corruption attempts adjoin WS_FTP accept begun

Welltok additionally provides accommodating abstracts communications for Michigan's Corewell Health as able-bodied as its Priority Health affairs portal, and a ton of those patients additionally were hit by the MOVEit breach.

Last week, Welltok said about one million Corewell Health patients and 2,500 Priority Health associates were impacted. For Priority Health associates baseborn abstracts included name, abode and bloom allowance identification number. Corewell Health patients' may accept had their names, dates of birth, email addresses, buzz numbers, diagnosis, bloom allowance advice and Social Security numbers exposed.

Also aftermost week, Welltok notified 89,556 patients of St. Bernards Healthcare that their abstracts may accept been compromised in the MOVEit fiasco. 

"The advice accessed by the alien abecedarian may accept included, depending on the individual, their name, address, date of birth, amusing aegis number, email address, buzz number, accommodating identification number, bloom allowance information, provider's name, and medical analysis or analysis information," according to the Arkansas-based bloom affliction provider. ®