760,000 Employee Records From Several Major Firms Leaked Online

2 weeks ago 9
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

The information of more than 760,000 employees of several major organizations emerged online on Monday morning after a threat actor dumped it on a popular hacking forum.

The data apparently originates from last year’s massive MOVEit hack, in which a zero-day vulnerability in Progress Software’s file transfer software was used to steal sensitive information from thousands of organizations.

Roughly 2,800 organizations and close to 100 million individuals were affected by the attack, which is believed to have been carried out by the Russia-linked Cl0p ransomware gang.

The newly emerged data was posted on Monday on the BreachForums cybercrime forum by a threat actor named Nam3l3ss, who was previously associated with other data dumps linked to the MOVEit hack.

The leaked information apparently belongs to Bank of America, Koch, Nokia, JLL, Xerox, Morgan Stanley, and Bridgewater, and mainly includes names, employee emails, phone numbers, work ID numbers, job titles, and manager names.

Atlas Privacy-maintained data breach reporting service DataBreach, which added the data to its database to help individuals discover if they were impacted, believes that the information likely comes from Cl0p, but was filtered to extract relevant details.

“We believe the data originates from the Cl0p ransomware group, who frequently exploit vulnerabilities like MOVEit to exfiltrate and publish sensitive data as part of their extortion campaigns. It’s likely Name3l3ss dug through terabytes of darkweb data and repackaged it for wider consumption,” Atlas Privacy co-founder and CSO Tsachi (Zack) Ganot told SecurityWeek.

Atlas has sifted through the data and assesses that it belongs to 288,297 individuals working at Bank of America, 237,487 employees from Koch, 94,253 from Nokia, 62,349 from JLL, 42,735 from Xerox, 32,861 from Morgan Stanley, and 2,141 from Bridgewater.

Advertisement. Scroll to continue reading.

“This type of data provides threat actors with a detailed organizational map, making it valuable for social engineering attacks. Some breaches also contain supplementary information, such as real estate lease records or project documents, though these appear less substantial,” Ganot said.

The new data was leaked roughly three weeks after Nam3l3ss dumped on BreachForums a database containing the personal and work-related information of Amazon employees.

Related: Russian Hacker With $10 Million Bounty on His Head Reportedly Arrested

Related: Hackers Redirect $250,000 Payment in iLearningEngines Cyberattack

Related: Hacker Stole Secrets From OpenAI

Related: French Computer Hacker Jailed in US

Read Entire Article