The hacking group behind the MOVEit file transfer hack has posted the details of data it says was stolen from consultancy giant Deloitte.
However, the company has denied that Clop was successful.
Clop made the claim on its darknet data breach site, saying additionally that “the company doesn’t care about its customers, it ignored their security!!!”
While Deloitte does use Progress Software’s MOVEit software, it said that as soon as the vulnerability was disclosed, the appropriate patches and updates were immediately applied.
“Immediately upon becoming aware of this zero-day vulnerability, Deloitte applied the vendor’s security updates and performed mitigating actions in accordance with the vendor’s guidance,” a company spokesperson said in a widely reported media statement.
“Our analysis determined that our global network use of the vulnerable MOVEit Transfer software is limited. Having conducted our analysis, we have seen no evidence of impact to client data.”
Even if no data was exfiltrated during Clop’s MOVEit campaign, Deloitte now joins the other big four consulting firms linked to the hack. PwC, KPMG, and EY have all had data stolen by Clop. PwC, in particular, lost a trove of data to Clop, with the ransomware gang posting 11 batches of data on the darknet, and even some datasets on the clear web – a new tactic for the gang.
So far, despite claiming to have hacked Deloitte, Clop has not posted any of the supposedly stolen data.
The MOVEit hack began in May, with Progress Software making its customers aware of the issue in early June.
“Progress has discovered a vulnerability in MOVEit Transfer and MOVEit Cloud that could lead to escalated privileges and potential unauthorised access to the environment,” the company said in a security update at the time. “If you are a MOVEit Transfer customer, it is extremely important that you take immediate action in order to help protect your environment.”
Security company Rapid7 said at the time that the attack was likely “the work of a single threat actor throwing one exploit indiscriminately at exposed targets”, which turned out to be entirely correct.
At least 500 companies and tens of millions of individuals have since been affected, including Australian victims such as Medibank and mining company Fortescue.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.