A critical vulnerability in the widely used MOVEit file transfer software has led to one of the most extensive corporate data leaks in recent history, affecting millions of employees across 25 major organizations.
The breach, attributed to a zero-day vulnerability known as CVE-2023-34362, has exposed sensitive employee information from global companies in the finance, technology, healthcare, and retail sectors.
A threat actor operating under the alias “Nam3L3ss” has released vast datasets containing detailed employee records stolen during the MOVEit attacks in May 2023.
The leaked data includes names, email addresses, phone numbers, job titles, and, in some cases, entire organizational structures.
Here’s a table showing the number of records stolen from each company in the MOVEit data breach:
Company | Records Stolen |
---|---|
Amazon | 2,861,111 |
MetLife | 585,130 |
Cardinal Health | 407,437 |
HSBC | 280,693 |
Fidelity | 124,464 |
U.S. Bank | 114,076 |
HP | 104,119 |
Canada Post | 69,860 |
Delta Airlines | 57,317 |
Applied Materials | 53,170 |
Leidos | 52,610 |
Charles Schwab | 49,356 |
3M | 48,630 |
Lenovo | 45,522 |
Bristol Myers Squibb | 37,497 |
Omnicom Group | 37,320 |
TIAA | 23,857 |
UBS | 20,462 |
Westinghouse | 18,193 |
Urban Outfitters | 17,553 |
Rush University | 15,853 |
British Telecom | 15,347 |
Firmenich | 13,248 |
City National Bank | 9,358 |
McDonald’s | 3,295 |
This table shows the extent of the data breach, with Amazon being the most severely impacted, having over 2.8 million records stolen. The breach affected companies across various sectors, including technology, finance, healthcare, and retail.
Other affected organizations include U.S. Bank, HP, Delta Airlines, Charles Schwab, 3M, Lenovo, and McDonald’s, among others. The total number of compromised records across all 25 companies exceeds 5 million.
The leaked datasets contain highly structured information, revealing not only contact details but also sensitive internal data such as cost center codes and departmental assignments.
Security researchers at Hudson Rock have verified the authenticity of the data by cross-referencing it with LinkedIn profiles and information from previous infostealer infections.
Nam3L3ss claims this leak represents just a fraction of the data in their possession, hinting at potentially more extensive disclosures in the coming days. The hacker’s motives remain unclear, as they deny any attempts at blackmail or ransom demands.
While the Clop ransomware gang initially exploited the MOVEit vulnerability, researchers cannot yet confirm whether Nam3L3ss is affiliated with Clop or acted independently.
The breach poses significant risks for affected organizations and their employees. These include:
- Increased vulnerability to phishing and social engineering attacks.
- Potential for corporate espionage.
- Reputational damage to high-profile companies.
- Heightened risk of financial fraud, especially for financial sector targets.
In response to the breach, cybersecurity experts recommend several mitigation strategies:
- Immediate application of security patches released by Progress Software, the developer of MOVEit.
- Conducting comprehensive security audits to identify and address potential vulnerabilities.
- Enhancing employee awareness and training on cybersecurity best practices.
- Implementing stricter access controls and data segmentation policies.
Amazon has confirmed the breach, stating that a third-party property management vendor was compromised, affecting employee work contact information. The company asserts that its core systems remain secure and that no sensitive personal data, such as Social Security numbers or financial information, was exposed.
As organizations deal with the consequences of this significant data leak, the incident highlights the essential need for timely security patching and strong cybersecurity measures in an increasingly interconnected digital landscape.
The full extent of the breach’s impact is still unfolding, and more revelations may come soon.