Clop ransomware gang exploits MOVEit vulnerability
The breach compromised the personal information of employees from a minimum of eight companies.
A cyberattack on payroll company Zellis has exposed the data of at least eight of its customers, including BBC, British Airways, Aer Lingus, Boots, Nova Scotia Government, and the University of Rochester. The attack originated from Zellis’s use of MOVEit Transfer file transfer software: the Clop ransomware gang exploited a vulnerability in the MOVEit software to breach the system and gain access to the personal details of thousands of employees of the companies using the Zellis software services.
The Clop ransomware gang claimed responsibility for the attack and posted a notice on the dark web leak website stating that those affected by the MOVEit hack should email Clop before 14 June, or stolen data will be published. Clop also claimed that it has deleted any data from government, city or police services. A Clop representative confirmed to BleepingComputer that the group started exploiting the vulnerability on 27 May.
Zellis issued a statement, noting, ‘Once we became aware of this incident we took immediate action, disconnecting the server that utilises MOVEit software and engaging an expert external security incident response team to assist with forensic analysis and ongoing monitoring.’ It is believed the company has notified the Information Commissioner’s Office, the Data Protection Commission and the National Cybersecurity Centre in the UK and Ireland of this cyberattack.