Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online
(2024/12/03)
- Reference: 1733194636
- News link: https://www.theregister.co.uk/2024/12/03/760k_xerox_nokia_bofa_morgan/
- Source link:
Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims in a massive data breach linked to last year's attacks on file transfer tool MOVEit.
On Monday morning, an entity that uses the handle "Nam3L3ss" began [1]leaking what they claimed to be personal data belonging to from the abovementioned corporations, plus workers at other firms affected by the MOVEit vulnerability.
The Russia-linked [2]Cl0p ransomware crew began abusing this critical security hole in Progress Software's MOVEit product suite in May 2023. Thousands of organizations' and [3]millions of individuals' data was accessed.
[4]
MOVEit appears to be the gift that keeps giving, as last month Nam3L3ss began dumping files – including those belonging to [5]Amazon employees – on the cyber crime forum.
[6]
This week, the miscreant(s) added several other big names to the MOVEit victims list. The newly leaked data appears to be authentic, according to Zack Ganot, chief strategy officer at personal-data-removal deletion outfit Atlas Privacy.
[7]Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
[8]One year on, universities org admits MOVEit attack hit data of 800K people
[9]US government hit by Russia's Clop in MOVEit mass attack
[10]The only thing worse than being fired is scammers fooling you into thinking you're fired
Atlas Privacy operates [11]databreach.com – which allows people to check if their info has been exposed in a breach, and then helps them remove their data from the internet. The service's initial analysis of the data Nam3L3ss disclosed is that it exposes hundreds of thousands of thousands of employees' names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.
This includes more than 760,000 employee details belonging to workers from [12]Xerox (42,735), [13]Koch (237,487), [14]Nokia (94,253), [15]Bank of America (288,297), [16]Bridgewater (2,141), [17]Morgan Stanley (32,861), and [18]JLL (62,349). All six firms were listed on BreachForums on Monday. None responded to The Register 's requests for comment. We will update this story if and when we hear back from them.
"This data is a goldmine for social engineering," Ganot told The Register . "Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an org." ®
Get our [19]Tech Resources
[1] https://bsky.app/profile/darkwebinformer.bsky.social/post/3lcdhmipdtk2q
[2] https://www.theregister.com/2023/06/15/clop_broke_into_the_doe/
[3] https://www.theregister.com/2024/05/08/georgia_state_education_moveit/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z06Qeh54Ytz0ztFCF7U_VwAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z06Qeh54Ytz0ztFCF7U_VwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[8] https://www.theregister.com/2024/05/08/georgia_state_education_moveit/
[9] https://www.theregister.com/2023/06/15/clop_broke_into_the_doe/
[10] https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/
[11] https://databreach.com/breach
[12] https://databreach.com/breach/xerox-2024
[13] https://databreach.com/breach/koch-2024
[14] https://databreach.com/breach/nokia-2024
[15] https://databreach.com/breach/bank-of-america-2024
[16] https://databreach.com/breach/bridge-water-2024
[17] https://databreach.com/breach/morgan-stanley-2024
[18] https://databreach.com/breach/jll.com-2024
[19] https://whitepapers.theregister.com/
On Monday morning, an entity that uses the handle "Nam3L3ss" began [1]leaking what they claimed to be personal data belonging to from the abovementioned corporations, plus workers at other firms affected by the MOVEit vulnerability.
The Russia-linked [2]Cl0p ransomware crew began abusing this critical security hole in Progress Software's MOVEit product suite in May 2023. Thousands of organizations' and [3]millions of individuals' data was accessed.
[4]
MOVEit appears to be the gift that keeps giving, as last month Nam3L3ss began dumping files – including those belonging to [5]Amazon employees – on the cyber crime forum.
[6]
This week, the miscreant(s) added several other big names to the MOVEit victims list. The newly leaked data appears to be authentic, according to Zack Ganot, chief strategy officer at personal-data-removal deletion outfit Atlas Privacy.
[7]Amazon confirms employee data exposed in leak linked to MOVEit vulnerability
[8]One year on, universities org admits MOVEit attack hit data of 800K people
[9]US government hit by Russia's Clop in MOVEit mass attack
[10]The only thing worse than being fired is scammers fooling you into thinking you're fired
Atlas Privacy operates [11]databreach.com – which allows people to check if their info has been exposed in a breach, and then helps them remove their data from the internet. The service's initial analysis of the data Nam3L3ss disclosed is that it exposes hundreds of thousands of thousands of employees' names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.
This includes more than 760,000 employee details belonging to workers from [12]Xerox (42,735), [13]Koch (237,487), [14]Nokia (94,253), [15]Bank of America (288,297), [16]Bridgewater (2,141), [17]Morgan Stanley (32,861), and [18]JLL (62,349). All six firms were listed on BreachForums on Monday. None responded to The Register 's requests for comment. We will update this story if and when we hear back from them.
"This data is a goldmine for social engineering," Ganot told The Register . "Knowing exactly what employee sits on which team, who they report to, what their badge number is, what building they work in, their organizational email and phone number – this is some wild stuff for an attacker looking to exploit an org." ®
Get our [19]Tech Resources
[1] https://bsky.app/profile/darkwebinformer.bsky.social/post/3lcdhmipdtk2q
[2] https://www.theregister.com/2023/06/15/clop_broke_into_the_doe/
[3] https://www.theregister.com/2024/05/08/georgia_state_education_moveit/
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z06Qeh54Ytz0ztFCF7U_VwAAAA0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[5] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z06Qeh54Ytz0ztFCF7U_VwAAAA0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/11/12/amazon_moveit_breach/
[8] https://www.theregister.com/2024/05/08/georgia_state_education_moveit/
[9] https://www.theregister.com/2023/06/15/clop_broke_into_the_doe/
[10] https://www.theregister.com/2024/11/28/fired_phishing_campaign_cloudflare/
[11] https://databreach.com/breach
[12] https://databreach.com/breach/xerox-2024
[13] https://databreach.com/breach/koch-2024
[14] https://databreach.com/breach/nokia-2024
[15] https://databreach.com/breach/bank-of-america-2024
[16] https://databreach.com/breach/bridge-water-2024
[17] https://databreach.com/breach/morgan-stanley-2024
[18] https://databreach.com/breach/jll.com-2024
[19] https://whitepapers.theregister.com/
Yawn...
I feel the biggest consequence of all of these breaches and their eventual publication is how so much less impactful they feel. Oh no, billions of rows... Ah, nothing exciting, happened last week too.
I worry for the layman that sees this and thinks nothing of it... including while they are being actively phished.