This HUGE And Recent Data Breach Practically Guarantees YOUR Personal Information Was Stolen
Back in May, the company MOVEit, a file transfer platform
made by Progress Software, was compromised by a Russian ransomware operation
called Cl0p. They used a vulnerability in Progress’s software that was unknown
to exist at the time. Shortly after the attack was noticed, a patch was issued.
However, some users continued to be attacked because they didn’t install it.
The software is used by thousands of governments and
financial institutions and hundreds of other public and private companies from
around the world, and it’s been estimated that at least 455 organizations and over
23 MILLION individuals who were customers of MOVEit have had their information stolen.
As the days, weeks, and months pass, more affected business and government
agencies have indicated that they, too, were compromised.
Some of these organizations include:
- The US Department of Energy
- New York City Department of Education
- UCLA
- Shell
- Ernst & Young
- Northwest Mutual
- Pacific Premier Bank
- TransAmerica Life Insurance
- Honeywell
- Bristol Myers Squibb
- Gen/Norton LifeLock
- Radisson Hotel
- BBC
- British Airways
The majority of those organizations (73%) are based in the
US, while the rest are international, with the most heavily impacted sectors
being finance, professional services and educational institutions.
Cl0p is a type of ransomware that has been used in cyber-attacks
since 2019. Data stolen is published to a site on the dark web – a section of
the worldwide web where cybercriminals sell and trade information without
having to reveal themselves. The ransomware and website have been linked to
FIN11, a financially motivated cybercrime operation that has been connected to
both Russia and Ukraine and is believed to be part of a larger umbrella
operation known as TA505.
What makes this attack so terrible is that many of the
organizations compromised provide services to many other companies and
government entities, which means it’s very likely their customers, patients, taxpayers
and students were compromised by association. As more victims come into the
light, the chances of the breach impacting millions more is imminent. And yes,
you’re probably one of them.
The big question is, were you notified?
For some reason, this breach didn’t make mainstream headlines, often only during the late news cycle when only those of us with insomnia were watching. The truth is, however, when a company is compromised, they are obligated to tell you if your data was stolen. This can come in the form of an e-mail or snail mail letter. However, due to spam filters, e-mail delivery is clearly not a reliable way to ensure an important message is received.
And, how many pieces of junk mail do you receive in your home mailbox that
never make it to the door, but rather wind up in the waste bin? Unless it is
clearly marked from an organization you recognize there is a pretty good chance
that it will not be opened in a timely manner, if at all. Let’s face it, the
logistics of organizing a letter for over 36 million people can take time. Just
like that proverbial check, the notification letters may still be “in the mail”.
What to do: If you suspect that your account credentials may
be among those compromised (and they probably are), you need to ensure that all
your passwords and PINs are changed ASAP! You must also be on the lookout for
any strange activity. Don’t use the same passwords and make sure they are at
least 12 or more characters long, using uppercase and lowercase letters, as
well as special characters and numbers. If you do not already used one,
consider a password management application like Keeper which will allow you to
use longer, more challenging passwords without losing your mind.
You should also ensure that MFA, or multifactor
authentication, is turned on for all critical software applications and
websites you use, such as Microsoft Office, QuickBooks, banking and payroll
software, your credit card processor, etc.
No comments:
Post a Comment