A spate of cyberattacks on the software MOVEit, reportedly by a Russian-speaking criminal group, have impacted multiple organizations from airlines to universities, and the Department of Energy. Transportation agencies in Oregon and Louisiana, the University of Georgia, and the University System of Georgia have all been hit, resulting in the exposure of a vast number of individuals’ personal details.
- The MOVEit software cyberattacks have resulted in extensive data breaches, revealing sensitive personal information such as names, addresses, and social security numbers. Louisiana officials have advised residents to freeze their credit, and Oregon’s Department of Transportation confirmed that the attackers accessed personal data of about 3.5 million individuals.
- The University of Georgia, the University System of Georgia, and two Department of Energy entities are among the impacted organizations. However, specifics of the information at risk have not been provided.
- Other recent attacks exploiting MOVEit have been claimed by the Russian-speaking ransomware group CL0P. This has caused significant concerns due to the vast amount of sensitive information that has been exposed.
- While officials with the Cybersecurity and Infrastructure Security Agency have stated that the campaign is not as systemically risky as the SolarWinds hack, the range of institutions affected and the sensitive nature of the data breached make this a serious situation.
- A patch to eliminate the software vulnerability used by hackers is now available for MOVEit users. Despite this, the exact range of organizations affected by the cyberattacks remains unknown, and the full impact of these attacks is yet to be fully understood.