MOVEit Data Breach 2023

Hey Techies!

We are writing to alert you about the recent MOVEit data breach that has impacted a number of organizations, including major energy giant Shell and U.S.-based First Merchants Bank. The widely exploited vulnerability in Progress Software’s MOVEit file transfer service has affected more than 200 organizations, with at least 33 data breach disclosures, impacting over 17.5 million individuals.

Shell confirmed that hackers gained unauthorized access to "some personal information relating to employees" through its MOVEit Transfer tool, used by a small number of Shell employees and customers. While Shell didn't specify the exact data accessed or the number of affected individuals, the company's website suggests that employees worldwide are affected. The Russia-linked Clop ransomware group claimed responsibility for the hacks and published Shell's data after the company refused to negotiate.

First Merchants Bank also confirmed a data breach affecting sensitive customer information resulting from the MOVEit hacks. Hackers accessed customer data, including addresses, Social Security numbers, online banking usernames, payee information, and financial account details. However, online or mobile banking passwords remain unaffected.

Several other organizations have also reported MOVEit-related data breaches, including energy giants Siemens Energy and Schneider Electric, law firm Proskauer, City National Bank, Cambridgeshire County Council in the U.K., Dublin Airport, and Wisconsin-based Madison College. The majority of impacted schools in the U.S. are also likely affected, given incidents involving the National Student Clearinghouse and the Teachers Insurance and Annuity Association of America.

As the situation evolves, we strongly urge you to stay vigilant and take necessary precautions to protect your personal information. Cybercriminals are becoming increasingly sophisticated, and no organization or individual is immune to cyber threats.

To safeguard your data, consider the following steps:

1. Review Security Practices: Regularly review and update your security practices, including password management and two-factor authentication.

2. Educate Yourself: Stay informed about the latest cybersecurity threats and best practices to defend against them.

3. Be Cautious with Emails: Avoid clicking on suspicious links or downloading attachments from unknown sources.

4. Monitor Financial Accounts: Regularly monitor your financial accounts for any unauthorized activity.

5. Report Suspicious Activity: If you suspect any cybersecurity incidents, report them promptly to the relevant authorities or your organization's IT team.

Cybersecurity is a shared responsibility, and together, we can help create a safer digital environment. We will continue to provide updates as we receive more information about the MOVEit data breach and related incidents.

Stay safe and protected!

At a time when cyberattacks are becoming increasingly common, it's essential to remain vigilant and take necessary steps to protect your personal information. We recommend implementing safe cybersecurity practices such as using strong passwords, enabling multi-factor authentication, and keeping software up-to-date, among others.

We also suggest staying up-to-date on the latest cybersecurity news and trends to be aware of potential threats and vulnerabilities. We encourage you to subscribe to and Share our newsletter to receive regular updates and insights on the ever-changing cybersecurity landscape. Let’s continue to grow our community of cybersecurity techies!

Link to cybersecurity newsletter: https://cybereducation101.beehiiv.com/subscribe

#stayvigilant