Banks, hotels and hospitals among latest MOVEit mass-hack victims
The MOVEit mass-hack has claimed yet more victims, including hotel chain Radisson, U.S.-based 1st Source Bank, real estate giant Jones Lang LaSalle, and Dutch GPS company TomTom.
The Clop ransomware gang, which claimed responsibility for the mass data raids targeting corporate customers of Progress Software’s MOVEit file-transfer tool, has already claimed hundreds of victims — and this list continues to grow.
Radisson Hotels Americas, an international hotel group with more than 1,100 locations, said it’s among the latest victims after appearing on Clop’s dark web leak site this week.
Moe Rama, a spokesperson for Choice Hotels (which acquired Radisson Hotels Group in 2022) told TechCrunch that a “limited number of guest records” were accessed by hackers exploiting the MOVEit Transfer vulnerability, but declined to say how many guests had been affected.
U.S.-based real estate giant Jones Lang LaSalle has also said it was also affected, after TechCrunch learned that the organization had experienced a data breach as a result of the cyberattack. A source with knowledge of the incident told TechCrunch that JLL informed staff by email that all employee data — but not Social Security numbers — had been compromised, and that the breach had affected all of the organization’s 43,000 employees.
JLL did not dispute the claims when reached by TechCrunch.
“We were notified by MOVEit of a previously unknown security vulnerability in their software. Our immediate investigation detected unauthorized access to a limited number of files; we contained the malicious activity and patched our systems per vendor-provided instructions,” said JLL spokesperson Allison Heraty. “Our priority has been to communicate directly with those impacted as well as all relevant authorities, which we have done.”
In a regulatory filing on Monday, 1st Source Bank — among the first MOVEit victims to be listed by Clop — now confirmed that hackers accessed “sensitive client data of commercial and individual clients, including personally identifiable information.”
“The company has notified and is working with its commercial clients so impacted and is in the process now of identifying and directly notifying individual clients who have been impacted,” the bank added.
Healthcare data, too, may have been accessed in the mass-raids.
UofL Health, an academic health system based in Kentucky, confirmed to TechCrunch that it had been targeted by the hacks after being listed on Clop’s dark web leak site. However, UofL Health declined to say whether data had been accessed.
“Recently, the United States government confirmed that multiple federal agencies had been affected by cyberattacks which exploited a security vulnerability in a popular file transfer tool called MOVEit,” UofL Health spokesperson David McArthur told TechCrunch. “Unfortunately, a small number of UofL Health medical practices used this software to transfer files to third party vendors.
“Upon learning of this event, UofL Health immediately took action and is now working with a forensic IT agency to determine the scope of the matter. The security of normal operations at UofL Health hospitals, medical centers, and physician offices has not been jeopardized.”
TomTom, the Dutch navigation giant, also confirmed to TechCrunch that it’s affected after being listed by Clop on Tuesday. “We at TomTom were immediately aware of a data breach that occurred on our vendor’s platform, MOVEit, last month,” said TomTom spokesperson Ivo Bökkerink. “We have taken all necessary safety and security measures to protect the data, and we have informed the relevant authorities.” It’s not yet known what data, if any, was stolen by Clop.
Several other victims have come forward over the past day, including: German investment bank Deutsche Bank; the University of Colorado; the University of Illinois; diagnostics company Realm IDX; and New York-based biopharmaceutical firm Bristol Myers Squibb.
Tens of other organizations have been listed to Clop’s dark web leak site, but have not yet responded to TechCrunch’s questions. This list includes an electronics maker, a global technology company, a corporate travel management giant, and a human resources software maker.
According to the latest figures from Brett Callow, threat analyst at Emsisoft, the MOVEit hackers have already claimed almost 270 victim organizations, impacting more than 17 million individuals.