We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

Casualties of This Month’s MOVEit Attack Continue to Rise

Casualties of This Month’s MOVEit Attack Continue to Rise
Zane Kennedy Published on 30th June 2023 Cybersecurity Researcher

The cyberattacks targeting the popular MOVEit file transfer software have escalated into one of the most significant data breaches in recent years, affecting over 130 organizations and potentially compromising the personal information of millions of individuals.

The ongoing campaign, leveraging a zero-day vulnerability in Progress Software's MOVEit Transfer, continues to expose sensitive data across multiple industries, as highlighted by VPNMentor's previous report. The Russian cybercrime group known as Cl0p claimed responsibility for the attacks and has started naming the organizations that have refused to comply with their ransom demands.

According to Brett Callow, a threat analyst at cybersecurity firm Emsisoft, 138 organizations are known to have been impacted, compromising personal information belonging to more than 15 million individuals. However, the true extent of the breaches is expected to increase as more victims emerge and report the incidents.

Prominent organizations across different sectors have fallen victim to the breaches. Shell, Siemens Energy, Schneider Electric, Sony, EY, PwC, Cognizant, AbbVie, Kirkland & Ellis, and K&L Gates are among the entities targeted by Cl0p. Siemens Energy has confirmed that data was stolen during the attacks, but they reassured the public that no critical data was compromised and their operations were unaffected.

The impact of the MOVEit attacks extends beyond private corporations. Government organizations, including the US Department of Energy, the Health Department, and the Oregon DMV, have also been caught up in the breach. Even the New York City Department of Education has reported unauthorized access to files transferred through the MOVEit environment, affecting roughly 45,000 students' sensitive information.

The developers of the MOVEit software, Progress Software, have been conducting ongoing investigations and implementing patches to address vulnerabilities in MOVEit Transfer and MOVEit Cloud. The company has taken defensive measures to safeguard customer environments and mitigate potential risks. They have partnered with third-party experts, conducted code reviews, and urged customers to apply the patches, follow mitigation guidance, and monitor for any indicators of compromise.

As law enforcement agencies, including the FBI and local authorities, continue to investigate the breaches, affected organizations are working diligently to assess the extent of the compromise and notify impacted individuals.

While the full scope of the breaches and the amount of stolen data is yet to be determined, it is clear that the repercussions of this cyberattack will have long-lasting implications for individuals and organizations alike.

About the Author

Zane is a Cybersecurity Researcher and Writer at vpnMentor. His extensive experience in the tech and cybersecurity industries provides readers with accurate and trustworthy news stories and articles. He aims to help individuals protect themselves through informative content and awareness of cybersecurity's crucial role in today's digital landscape.