freshidea -

Ofcom data stolen in MOVEit cyber attack

Communications regulator Ofcom says data on employees and regulated communications companies was stolen by the Clop gang

UK communications regulator Ofcom has revealed it is among the organisations to have been compromised by the Russian-speaking Clop cyber crime gang following its exploit of a SQL injection vulnerability in Progress Software’s MOVEit Transfer managed file transfer service.

Ofcom confirmed earlier today that a “limited amount” of information about companies it regulates – some of it confidential – alongside the personal data of 412 of its own employees, was downloaded in the attack.

“The security of commercially confidential and sensitive personal information provided to Ofcom is taken extremely seriously,” an Ofcom spokesperson said.

“We took immediate action to prevent further use of the MOVEit service and to implement the recommended security measures. We also swiftly alerted all affected Ofcom-regulated companies, and we continue to offer support and assistance to our colleagues.

“No Ofcom systems were compromised during the attack,” they added.

NordVPN chief technology officer Marijus Briedis commented: “Stealing personal and company data from under the nose of the UK’s media regulator will be another feather in the cap of the cyber criminals behind the MOVEit hack.

“The large scale of the attack and high-profile victims like the BBC, British Airways and now Ofcom suggests this was meticulously planned….

“Stealing personal and company data from under the nose of the UK’s media regulator will be another feather in the cap of the cyber criminals behind the MOVEit hack”
Marijus Briedis, NordVPN

Briedis added: “This significant data heist will raise the attackers’ profile within the competitive ransomware-for-hire market that exists on the dark web. It also shows the ongoing risk of supply chain attacks on the UK, with opportunistic hackers looking to prey upon third-party services as a path to landing a big fish further down the line.”

As the clock ticks closer to Clop’s deadline for victims to contact it – lest they find their data leaked online – details of more victims continue to emerge.

Ireland’s Health Service Executive (HSE) – previously the victim of a major ransomware attack by the Conti cyber crime syndicate – is among those to have disclosed a breach following the attack.

Like a number of other victims, the HSE was compromised in a so-called supply chain attack via the systems of an external service provider that used MOVEit Transfer, in this case professional services firm EY.

Progress Software’s woes continue

Prior to the weekend, Progress Software, the company behind MOVEit, disclosed another vulnerability in the product, uncovered with the help of third-party researchers, which may have a similar impact.

A patch for this vulnerability was released on 9 June. MOVEit Transfer users can find more details about the vulnerability here.

Read more about the MOVEit incident

Read more on Data breach incident management and recovery

Data Center
Data Management