The number of businesses and people who would be impacted by the Russian Cl0p gang’s May 27 attack on Progress Software’s MOVEit Transfer app using a zero-day SQL injection vulnerability was quickly realized to be substantial.
The latest news confirms around 1,000 enterprises are part of the long list of victims. The first victim was the company Zellis, which offered payroll services among its well-known clients were British Airways, the BBC, and Aer Lingus, all of whom had data breaches.
READ MORE: Netragard: HOW NETRAGARD IS REVOLUTIONISING PENETRATION TESTING
The first victim was the payroll services firm Zellis, whose well-known clients included British Airways, the BBC, and Aer Lingus.
Cl0p acknowledged stealing data from “hundreds of companies” and promised to start releasing the personal details of its victims unless a ransom was paid.
Cl0p leaked some of the victims in June this year. The following weeks saw more details being revealed by them.
READ MORE: Backup and Storage Sector Gaining Huge Significance in the Current Cyber World
Now we know the hack has impacted around 1,000 businesses and 60 million people globally. There could be some variations in the number of affected individuals.
What Progress Software might have done differently is still impossible to imagine. By their very nature, zero-day vulnerabilities are challenging to guard against.
Organizations utilize MOVEit to send huge volumes of often sensitive data, like pension data, social security numbers, medical records, billing information and the like.